Posted by S. Pidgorny on August 21, 2007, 7:03 am
By analysing the event information?
There is no tool (that I'm aware of) that will reconstruct the events logged
into a simple sequence of user activities that led to the events.
The best approach to minimise the log noise is to monitor for exceptions,
i.e. somebody reads a file that no one is supposed to read (a honeytoken),
or somebody changes permissions on the boss's file share.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Hey guys, I'm trying to implement audit policy in our network and I'm trying
> to test it. I set up a certain folder to be audited and I tried to create a
> file, delete a file, move files and check the security log events. There are
> a lot of security log entries about the activity that I did, but on the logs
> there are so many. My problem now is how can I differentiate and determine
> the log entry saying that this file has been moved to here, this file has
> been deleted, or this file has been created.
>
> Hope you can help guys :)
>
> --
> Message posted via http://www.winserverkb.com
>
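The exception-based filtering the reply recommends, as an added Python example that is not code from either poster: a small rule set run over constructed Windows file-audit records, keeping only reads of a honeytoken file and permission changes on a protected share and suppressing everything else. The event IDs (4663 for object access, 4670 for permission changes, as numbered on Vista/Server 2008 and later rather than the 560/564 numbering of Server 2003), the UNC paths, the user names and the service-account allow list are all assumptions made for the example.

```python
"""Reduce Windows file-audit noise to the 'exceptions' worth looking at:
reads of a honeytoken file and permission changes on a protected share.

Added example; event IDs, paths and users below are assumptions, not from the post.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Security event IDs for object auditing (Vista / Server 2008+ numbering; assumed).
EVENT_OBJECT_ACCESS = 4663        # "An attempt was made to access an object"
EVENT_OBJECT_DELETED = 4660       # "An object was deleted"
EVENT_PERMISSIONS_CHANGED = 4670  # "Permissions on an object were changed"

# Hypothetical honeytoken: a file nobody has a business reason to open.
HONEYTOKENS = {"\\\\fs01\\finance\\passwords.xlsx".lower()}
# Service accounts that legitimately touch every file (backup) and would
# otherwise trip the honeytoken rule; hypothetical allow list.
ALLOWED_HONEYTOKEN_READERS = {"svc_backup"}
# UNC prefix of the share whose ACLs should never change outside change control.
PROTECTED_SHARE_PREFIX = "\\\\fs01\\exec\\".lower()


@dataclass
class AuditEvent:
    """One record from the Security log, reduced to the fields the rules need."""
    event_id: int
    user: str
    object_name: str
    access: str  # e.g. "ReadData", "WriteData", "DELETE", "WRITE_DAC"


def classify(ev: AuditEvent) -> Optional[str]:
    """Return an alert kind for an exceptional event, or None for routine noise."""
    name = ev.object_name.lower()
    if ev.event_id == EVENT_OBJECT_ACCESS and name in HONEYTOKENS:
        if ev.user.lower() in ALLOWED_HONEYTOKEN_READERS:
            return None  # expected reader (e.g. backup agent), not an exception
        return "honeytoken-access"
    if ev.event_id == EVENT_PERMISSIONS_CHANGED and name.startswith(PROTECTED_SHARE_PREFIX):
        return "protected-share-permission-change"
    return None


def find_exceptions(events: List[AuditEvent]) -> List[Tuple[str, str, str]]:
    """Run the rules over a batch of events; returns (kind, user, object) per alert."""
    return [(kind, ev.user, ev.object_name)
            for ev in events
            for kind in [classify(ev)] if kind is not None]


def suppressed_count(events: List[AuditEvent]) -> int:
    """How many events the rules dropped as noise (useful to show the reduction)."""
    return len(events) - len(find_exceptions(events))


# Constructed sample batch: ordinary create/write/delete activity plus two exceptions.
SAMPLE_EVENTS = [
    AuditEvent(4663, "jdoe", "\\\\fs01\\shared\\report.docx", "WriteData"),
    AuditEvent(4663, "jdoe", "\\\\fs01\\shared\\report.docx", "ReadData"),
    AuditEvent(4660, "jdoe", "\\\\fs01\\shared\\old-report.docx", "DELETE"),
    AuditEvent(4663, "svc_backup", "\\\\fs01\\finance\\passwords.xlsx", "ReadData"),
    AuditEvent(4663, "mallory", "\\\\fs01\\finance\\passwords.xlsx", "ReadData"),
    AuditEvent(4670, "mallory", "\\\\fs01\\exec\\board-minutes.docx", "WRITE_DAC"),
    AuditEvent(4670, "jdoe", "\\\\fs01\\shared\\tmp.txt", "WRITE_DAC"),
]

if __name__ == "__main__":
    for kind, user, obj in find_exceptions(SAMPLE_EVENTS):
        print(f"ALERT {kind}: {user} -> {obj}")
    print(f"suppressed {suppressed_count(SAMPLE_EVENTS)} routine events")
```

Seven audited operations collapse to two alerts: the honeytoken read by an unexpected account and the ACL change under the protected share. The backup account's read of the same honeytoken is deliberately dropped, because without that allow list the honeytoken rule fires every night and trains the operator to ignore it.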