nsacyber/Event-Forwarding-Guidance

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

PowerShellNOASSERTION

Issues

AppLocker event descriptions inaccurate
#19 opened 4 years ago by IAmAnthem
0
Subscription Organization
#17 opened 5 years ago by CliffordRichmond
0
Prerequisite Audit Policy/Advanced Audit Policies
#15 opened 5 years ago by CliffordRichmond
3
Event with ID = 7045 from System log has incorrect source
#13 opened 6 years ago by vburov
0
Spelling error on Provider "Microsoft-Windows-CertificateServicesClient-Lifecycle-System"
#14 opened 5 years ago by hcs0
0
"Microsoft-Windows-CertificationAuthority" is not the event log - it is source of events from Application log
#9 opened 6 years ago by vburov
3
Incorrect event id specified for "CA Permissions Corrupted or Missing" in section "Certificate Services" of "Windows Event Monitoring Guidance\Recommended Events to Collect" document
#10 opened 6 years ago by vburov
4
Getting 404 on IAD site
#8 opened 6 years ago by gregs5
2
Why not just level 3?
#1 opened 8 years ago by ciberesponce
1
XPath queries for WiFi connection encryption and authentication status events have right brackets in wrong spots
#3 opened 9 years ago by iadgovuser1
0