Skip to content

Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.

License

Notifications You must be signed in to change notification settings

subhashc/Windows-auditing-mindmap

 
 

Repository files navigation

Windows-auditing-mindmap

Project purpose

Windows auditing mindmap provides a simplified view of Windows Event logs and auditing capacities that enables defenders to enhance visibility for different purposes:

  • Log collection (eg: into a SIEM)
  • Threat hunting
  • Forensic / DFIR
  • Troubleshooting

Active mindmaps

The following mindmaps are currently provided:

  • Windows OS auditing baseline
  • Windows Server roles auditing (also covers SQL Server and Advanced Threat Analytics)
  • Active Directory (ADDS) auditing
  • Microsoft Azure
  • Exchange Server 2016/2019 auditing

Windows OS auditing baseline

This map provides an overview of the native Event logs shipped in Windows OS. They are classified into different categories (network, security, application,...) and their related auditing settings.

Windows Server roles auditing

This map provides an overview of the different Event logs and auditing capacities provided by Windows Server roles (ADCS, DHCP, DNS, OCSP, IIS, NPS, ADFS, MSSQL, RDS...).

Active Directory auditing

This map provides an overview of the different Event logs and auditing capacities provided by Active Directory (ADDS) role.

Microsoft Azure

This map provides an overview of the different data sources provided in Azure, available via EventHub or API.

Exchange Server 2016/2019

This map provides an overview of the different data sources provided by Exchange Server.

About

Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published