What system events to monitor ? Basics.

Here are the most common events you can monitor into your infrastructure :

User Logon Reports on Successful User Logons
User Logoff Reports on Successful User Logoffs
Logon Attempts Reports on Logon Attempts
Audit Log Access Reports on Audit Logs Cleared
Object Access Reports on Object Access
System Events Reports on System Events
Host Session Status Reports on Host Session Status
Successful User Account Validation Reports on Successful User Account Validation
UnSuccessful User Account Validation Reports on UnSuccessful User Account Validation
Track Account Management Changes Reports on User Account Changes
User Group Changes Reports on User Group Changes
Track Audit Policy Changes Reports on Audit Policy Changes
Track Individual User Action Reports on Individual User Action

Be the first to comment

Leave a Reply

Your email address will not be published.