Jump to content

Recommended Posts

Posted

Windows Event Logs can be set up for Advanced Auditing. 

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings

Start>Local Security Policy>Advanced Audit Policy Configuration.

Enable anything you find interesting like Logon/Logoff, Process Creation/Termination, Credential Validation, Sensitive Privilege Use, RPC events, etc.

Check out software like Event Log Explorer or NirSoft FullEventLogView.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...