From 5221a8f772a6fde2b446732a8c89da83133824b3 Mon Sep 17 00:00:00 2001 From: Mathias Stuhlmacher Date: Wed, 19 Jun 2024 19:35:14 +0200 Subject: [PATCH] updated sources --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 658b6b0..8b199ec 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,6 @@ In addition, it is impossible to remember them all, given the huge number of eve - [Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#events) - Official resource. - [Symantec Endpoint Protection 14.0.X](https://knowledge.broadcom.com/external/article/170359/endpoint-protection-140x-event-log-entri.html) - Official resource. - [Symantec Endpoint Protection Manager](https://knowledge.broadcom.com/external/article/157017/endpoint-protection-manager-event-log-en.html) - Official resource. -- [McAfee VirusScan Enterprise 8.x](https://kcm.trellix.com/corporate/index?page=content&id=KB54827) - VirusScan Enterprise entries in the Windows Application Event Log (Official resource). -- [Compilation of Event IDs](http://www.chicagotech.net/wineventid.htm) - Collection of event IDs from 1 to 9999 and above. - [Events and Errors - Windows Server 2008](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754424(v=ws.10)) - Collection of event IDs from different windows event source. Applies to Windows Server 2008 and similar. (Official resource) - [Finding Forensic Goodness In Obscure Windows Event Logs](https://nasbench.medium.com/finding-forensic-goodness-in-obscure-windows-event-logs-60e978ea45a3) - List of lesser-known Event IDs. 
@@ -55,6 +53,7 @@ In addition, it is impossible to remember them all, given the huge number of eve - [PowerShell Logging for the Blue Team](https://www.blackhillsinfosec.com/powershell-logging-blue-team/) - Security Auditing - [Command line Process Auditing](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing#configuration) - Enable 4688 featuring command line. + - [Critical Windows Event ID's to Monitor](https://graylog.org/post/critical-windows-event-ids-to-monitor/) - Monitoring suggestions. - [Events to Monitor](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor) - Official resource. - [Monitoring Guidance](https://github.com/JSCU-NL/logging-essentials) - Event monitoring guidance from JSCU (Joint SIGINT Cyber Unit) from Netherlands. With volume estimates, and WEC/WEF configurations. - [Malware Archeology Windows Logging Cheat Sheet](https://www.malwarearchaeology.com/s/Windows-Logging-Cheat-Sheet_ver_Feb_2019.pdf)
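Review bot: The first hunk drops the McAfee VirusScan Enterprise 8.x entry and the chicagotech "Compilation of Event IDs" entry, but the commit message ("updated sources") does not say why they were removed; if the links are dead or the content has moved, state that in the commit message or in the PR description so readers of the history know whether a replacement is expected. The removed McAfee URL already points at the kcm.trellix.com knowledge base, so if the problem is only the product's rebranding, a retitled entry pointing at the same article would preserve the only Application Event Log reference for that product in this list rather than losing it outright.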
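Review bot: In the second hunk the added line appears to carry a leading space before the "-" bullet ("+ - [Critical Windows Event ID's to Monitor]..."), whereas the neighbouring entries start at column one; please check the indentation so the item renders as a sibling list entry rather than a nested one. The description "Monitoring suggestions." is also thinner than the surrounding entries, which note the source type (for example "Official resource"); since this one is a vendor blog post, a short note to that effect, plus the apostrophe in "ID's" if you are matching the article title deliberately, would keep the list consistent.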