Domain Controllers Auditing Best Practices

Hi all,

Anybody has a best practice recommendations when auditing Domain Controllers? Specific events? Also, any specific locations on the DCs that you guys monitor using CA's File System auditing capabilities?

Thanks,

Laz

Parents

0 mcsebala over 2 years ago

Consider monitoring / backup the security event id in domain controller. if you monitor all event id then you can't provide storage for storing events.

Change auditor having limitation and it store the audit details in SQL database. I guess limited days of audit details can be stored.

I would recommend to use Quest Intrust for gathering and storing the event ids.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 mcsebala over 2 years ago

Consider monitoring / backup the security event id in domain controller. if you monitor all event id then you can't provide storage for storing events.

Change auditor having limitation and it store the audit details in SQL database. I guess limited days of audit details can be stored.

I would recommend to use Quest Intrust for gathering and storing the event ids.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 lffernandez over 1 year ago in reply to mcsebala

Thank you very much... we are already using the Quest Intrust to send the DC event logs to our SIEM.... I was mostly looking for locations in the file system to audit on DCs.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel