Skip to content

little-kawa/WindowsAdvancedAuditPolicyMap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

Files

Files

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Windows Advanced Audit Policy Map

Purpose

The first purpose of this project is to establish an exhaustive map of the correspondence between Windows advanced audit policy settings and event ids.
I then added the estimated volume of each policy settings if enabled.
I also marked audit policy settings recommended by ANSSI to be enabled.
This project is based on the documentation for Windows 10/11 and Windows Server >= 2016

Display the PDF version

Contribution

If you have ideas to improve this project, contributions are of course welcome <3

Documentation

ANSSI Guide
Microsoft Documentation

About

The main purpose of this project is to establish an exhaustive map of the correspondence between Windows advanced audit policy settings and event ids.

github.com/little-kawa/WindowsAdvancedAuditPolicyMap

Topics

windows security events policy audit-logs policies gpo event-id anssi

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

2 watching

Forks

0 forks
Report repository