https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32243#M2209 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/545444613">@N_Bakewell</a>&nbsp;&nbsp;&nbsp; Here is a link to a Sans GIAC paper, which you may find useful:&nbsp; <A href="https://www.giac.org/paper/gcia/7008/logging-monitoring-detect-network-intrusions-compliance-violations-environment/115345" target="_blank">https://www.giac.org/paper/gcia/7008/logging-monitoring-detect-network-intrusions-compliance-violations-environment/115345</A></P><P>&nbsp;</P><P>Look at the check list at the end of the piece.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Sat, 01 Feb 2020 23:43:32 GMT Caute_cautim 2020-02-01T23:43:32Z https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32216#M2196 <P>Good afternoon,</P><P>&nbsp;</P><P>I am currently developing my company's list of auditable network security events - things that are monitored and caught through logs that warrant an administrator's attention.&nbsp; For example, the creation of a new privileged account, a server restart, excessive volume of file transfer.&nbsp; Some of these happen in real time - for example, the moment a new privileged account is created, the alert happens, and another administrator verifies the validity of the new account.&nbsp; Some happen on a recurring basis - same example, I could say that every quarter we review all of the privileged accounts to ensure they are still accurate.</P><P>&nbsp;</P><P>I spent some time searching the internet and surprisingly didn't find anything overly useful.&nbsp; So I come to you - do any of you know of a good repository of the most common events to monitor, so I can bounce my own list off of it?</P> Fri, 31 Jan 2020 19:48:20 GMT https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32216#M2196 N_Bakewell 2020-01-31T19:48:20Z https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32225#M2200 <P>Have you tried looking for something like top SIEM alerts since it seems like all these things would be SIEM triggers.. just a thought..</P><P>&nbsp;</P><P>John-</P> Fri, 31 Jan 2020 21:40:30 GMT https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32225#M2200 JKWiniger 2020-01-31T21:40:30Z https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32243#M2209 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/545444613">@N_Bakewell</a>&nbsp;&nbsp;&nbsp; Here is a link to a Sans GIAC paper, which you may find useful:&nbsp; <A href="https://www.giac.org/paper/gcia/7008/logging-monitoring-detect-network-intrusions-compliance-violations-environment/115345" target="_blank">https://www.giac.org/paper/gcia/7008/logging-monitoring-detect-network-intrusions-compliance-violations-environment/115345</A></P><P>&nbsp;</P><P>Look at the check list at the end of the piece.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Sat, 01 Feb 2020 23:43:32 GMT https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/32243#M2209 Caute_cautim 2020-02-01T23:43:32Z https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/33529#M2447 <P>Thank you Caute_cautim. I had the same question too and did not find a practical answer. I will use the paper as a starting point.</P> Tue, 10 Mar 2020 13:50:58 GMT https://community.isc2.org/t5/Tech-Talk/List-of-auditable-network-security-events/m-p/33529#M2447 GJCR5657 2020-03-10T13:50:58Z