SN19: Deep Dive into Windows Auditing

Document created by jmerrill on Sep 28, 2009Last modified by jmerrill on Jul 8, 2014
Version 3Show Document
  • View in full screen mode
Deep Dive into Windows Auditing
Speakers: Till Jäger, Principal Sales Engineer-ArcSight; Fabian  Libeau, EMEA Director-ArcSight
Microsoft Windows has the ability to audit various user activities by default, including authentication, authorization and administration information. This session will demonstrate how to get the most out of the standard auditing functionalities of Windows, and show how different audit events belong together but for which limitations also exist. Furthermore, several use cases will be developed and highlighted to show how Windows auditing functions can be implemented in ArcSight ESM to increase the security posture and to deliver meaningful data.
Level: Advanced