SIEM Monitor Log Question

old.reddit.com / @/u/CurrentDangerous1854, https://old.reddit.com/user/CurrentDangerous1854

Hello CMMC Reddit Community!

I'm working for a small/medium company trying to check off CMMC requirements to become compliant.

I'm currently stuck on figuring out which Event IDs to monitor that indicate an admin has inputted their admin credentials. It doesn't seem like Windows has an Event ID that specifies when a person actually enters their admin credentials. The Event IDs I thought I could use are also triggered often by the system, so I'm not 100% sure I'm on the right path.

I was just wondering if anyone else has this type of log monitoring and, if so, what Event IDs are you looking for?

Thanks!

submitted by /u/CurrentDangerous1854

published about 9 hours ago



