I field numerous questions from Clients regarding Security Audit Event values when configuring Security Settings and SC Operations Manager 2007 Monitors and Rules. Finally, a single Worksheet has been generated by Microsoft which begins to document Security Audit Events instead of referencing 3 or 5 'Security Guides' that partially reference specific Audit Event values.
Several observations regarding this Security Audit Event Worksheet are appealing. Specifically, the ability to use the Excel Worksheet 'Data Filter' capability to isolate a single Event ID by Number. Also, when writing detailing SCOM2k7 Monitors we can focus on generating a legible Event Description detail. If you have not seen the complete listing of Windows 2008 Materials from Microsoft Press you will find a searchable list here.
Security Audit Events for Windows 2008 and Windows Vista
The Security Audit Event Worksheet displays Events by Category, Sub-Category, Event ID, Message Summary and Minimum Operating System.
The 'Complete Event Message' Tab details reference detail useful when generating SCOM2k7 Monitors.
Lynn Lunik
Independent Security Consultant
Windows(R) Platform
IT Pro Secure Corporation
and
exchangesummit.net
http://itprosecure.com and http://www.exchangesummit.net
blog <at> itprosecure.com
Posted
Apr 19 2008, 04:39 AM
by
lynn lunik