updated sources
stuhli committed Jun 19, 2024
1 parent 28692b3 commit 5221a8f
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -36,8 +36,6 @@ In addition, it is impossible to remember them all, given the huge number of eve
- [Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#events) - Official resource.
- [Symantec Endpoint Protection 14.0.X](https://knowledge.broadcom.com/external/article/170359/endpoint-protection-140x-event-log-entri.html) - Official resource.
- [Symantec Endpoint Protection Manager](https://knowledge.broadcom.com/external/article/157017/endpoint-protection-manager-event-log-en.html) - Official resource.
- [McAfee VirusScan Enterprise 8.x](https://kcm.trellix.com/corporate/index?page=content&id=KB54827) - VirusScan Enterprise entries in the Windows Application Event Log (Official resource).
- [Compilation of Event IDs](http://www.chicagotech.net/wineventid.htm) - Collection of event IDs from 1 to 9999 and above.
- [Events and Errors - Windows Server 2008](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754424(v=ws.10)) - Collection of event IDs from different windows event source. Applies to Windows Server 2008 and similar. (Official resource)
- [Finding Forensic Goodness In Obscure Windows Event Logs](https://nasbench.medium.com/finding-forensic-goodness-in-obscure-windows-event-logs-60e978ea45a3) - List of lesser-known Event IDs.
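Review bot: the hunk header goes from 8 lines to 6, so two reference entries were dropped here, but the rendered diff carries no +/- markers and the commit message "updated sources" does not say which links were removed or why; suggest a commit message that names the removed entries and states whether they are dead, moved or superseded, so readers maintaining their own event-ID references know what to do with them. Within the visible lines, the description style is also inconsistent: "Official resource." is a trailing sentence on the Sysmon and Symantec entries but a parenthetical "(Official resource)" on the McAfee and Windows Server 2008 entries, and "Collection of event IDs from different windows event source" should read "Collection of event IDs from different Windows event sources".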

Expand All @@ -55,6 +53,7 @@ In addition, it is impossible to remember them all, given the huge number of eve
- [PowerShell Logging for the Blue Team](https://www.blackhillsinfosec.com/powershell-logging-blue-team/)
- Security Auditing
- [Command line Process Auditing](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing#configuration) - Enable 4688 featuring command line.
- [Critical Windows Event ID's to Monitor](https://graylog.org/post/critical-windows-event-ids-to-monitor/) - Monitoring suggestions.
- [Events to Monitor](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor) - Official resource.
- [Monitoring Guidance](https://github.com/JSCU-NL/logging-essentials) - Event monitoring guidance from JSCU (Joint SIGINT Cyber Unit) from Netherlands. With volume estimates, and WEC/WEF configurations.
- [Malware Archeology Windows Logging Cheat Sheet](https://www.malwarearchaeology.com/s/Windows-Logging-Cheat-Sheet_ver_Feb_2019.pdf)
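Review bot: "Enable 4688 featuring command line" on the Command line Process Auditing entry is unclear; suggest "Enables event 4688 with the process command line included", since the link anchors to that page's configuration section. The JSCU entry reads "from JSCU (Joint SIGINT Cyber Unit) from Netherlands. With volume estimates, and WEC/WEF configurations.", which is a sentence fragment; suggest "from the Netherlands' JSCU (Joint SIGINT Cyber Unit), with volume estimates and WEC/WEF configurations." Two entries in this hunk (PowerShell Logging for the Blue Team and the Malware Archeology cheat sheet) carry no description while the rest do; a short one for each would keep the list consistent.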

0 comments on commit 5221a8f
