Is your feature request related to a problem? Please describe.
There are additional fields that would be helpful for digital forensics or attacker detection/hunting. Given that the intended audience for LME may be new to the topic of WEF, perhaps it is in the best interest of user success to create/enhance additional events into the WEF collection.
Below are repositories that have been beneficial in my own implementation:
https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events
https://github.com/palantir/windows-event-forwarding/tree/master
Additionally, I recommend providing guidance on configuring workstation audit policies; the setting and removal of audit configuration policies can wipe out the client side auditing config, so setting it statically with GPO is the best approach to resolving that potential issue. A good breakdown can be found here:
https://github.com/palantir/windows-event-forwarding/tree/master/group-policy-objects