Audit

Remove whitelisted events from Splunk search results

Splunk is a great tool to monitor and review many different kinds of log files. Sometimes you want to be alerted about specific types of events, but only for occurrences that are not defined in an exceptions whitelist. For example, you may want to be alerted about all logons to your server by users who are not IT employees. While it is possible to enumerate all exceptions in the search query itself, this article shows how to do this by storing the exceptions in a CSV file that the search reads as a lookup.

Windows built-in command-line tools

A list of tools that are available on any Windows operating system.

General

  • date /t: shows the current date
  • time /t: shows the current time

Windows memory

  • mem /P: displays the status of programs currently loaded in memory.
  • mem /D: displays the status of programs, internal drivers, and other information.
  • mem /C: classifies programs by memory usage; lists the size of each program, provides a summary of memory in use, and lists the largest memory block available.

Audit Policy Settings for Windows XP

An Audit policy determines which security events are reported to administrators, so that user or system activity in the specified event categories is recorded. With it, the administrator can monitor security-related activity, such as who accesses an object, when users log on to or log off from computers, or whether changes are made to an Audit policy setting. For all of these reasons, Microsoft recommends that you define an Audit policy for an administrator to implement in your environment.
