- [sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon)
- [sysmon config](https://github.com/olafhartong/sysmon-modular)
- [inputs for splunk](https://github.com/mdecrevoisier/Splunk-input-windows-baseline/blob/main/splunk-windows-input/win_input.conf)
- [splunk universal forwarder](https://www.splunk.com/en_us/download/universal-forwarder.html)
- [elastic agent](https://www.elastic.co/downloads/elastic-agent)

## Event Logs

- process tracking (audit process creation; enables command-line logging)
- enable WMI logging
- enable PowerShell remoting
- [Audit Policy](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)
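A check-and-enable script for the items above, added here as an example and not part of the original notes. It assumes an elevated local PowerShell session; the `-Enable` switch, the `$checks` table and the two registry helper functions are my own, while the registry values, `auditpol` subcategory and log name are the standard Windows ones for these settings.

```powershell
# Added example (not from the original notes). Run in an elevated PowerShell session.
# Without -Enable it only reports which of the logging settings above are on;
# with -Enable it turns on any that are off and re-checks them.
param([switch]$Enable)

function Test-RegDword($Path, $Name) {
    # True when the DWORD value exists and equals 1.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name -eq 1 } catch { $false }
}
function Set-RegDword($Path, $Name) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value 1 -PropertyType DWord -Force | Out-Null
}

$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$psKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

$checks = @(
    @{ Name = 'Process creation audit (Event ID 4688)'
       Test = { [bool]((auditpol /get /subcategory:"Process Creation" /r) -match 'Success') }
       Fix  = { auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null } },
    @{ Name = 'Command line in 4688 events'
       Test = { Test-RegDword $auditKey 'ProcessCreationIncludeCmdLine_Enabled' }
       Fix  = { Set-RegDword  $auditKey 'ProcessCreationIncludeCmdLine_Enabled' } },
    @{ Name = 'PowerShell script block logging (Event ID 4104)'
       Test = { Test-RegDword $psKey 'EnableScriptBlockLogging' }
       Fix  = { Set-RegDword  $psKey 'EnableScriptBlockLogging' } },
    @{ Name = 'WMI-Activity operational log'
       Test = { (Get-WinEvent -ListLog 'Microsoft-Windows-WMI-Activity/Operational').IsEnabled }
       Fix  = { wevtutil sl Microsoft-Windows-WMI-Activity/Operational /e:true } },
    @{ Name = 'PowerShell remoting (WinRM listener)'
       Test = { [bool](Test-WSMan -ErrorAction SilentlyContinue) }
       Fix  = { Enable-PSRemoting -Force | Out-Null } }
)

foreach ($c in $checks) {
    $ok = & $c.Test
    if (-not $ok -and $Enable) { & $c.Fix; $ok = & $c.Test }
    [pscustomobject]@{ Setting = $c.Name; Enabled = [bool]$ok }
}
```

In a domain these settings are normally pushed by GPO; the script is still useful there as a per-host verification that the policy actually applied before you trust the forwarded events.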