Hi Guys.What event ID's are you capturing to make a ticket, or at least alert the NOC? I'm going to start a project with my team to monitor things a bit better when it comes to security. For instance, we are implementing a lot of SQL auditing at the moment to let us know when permissions/roles have been changed.I'd like to do the same with AD objects, but just other events to also be aware of.
No comments:
Post a Comment