Recently we implemented McAfee Enterprise Security Manager SIEM
to collect all events and logs from the network, servers, Event Viewer and other logs.
I'm looking for the exact configurations that should be made on Microsoft servers to enable auditing and logging to be collected by the SIEM.
Does Microsoft have a standard for that, or a recommendation for each application? If I monitor an application and need to get the maximum logs, what configurations should be made in this app to get that?
I did some research, but I didn't get a clear or complete answer for that.
Server list I have:
Please, I don't know whether some settings should be enabled or not, just to confirm!
Moved from Consumer Products to SIEM for better assistance By Moderator
I will answer for both DNS and DHCP servers as you don't have so many things to configure.
The two mentioned paths can be moved to another location if needed.
DHCP rotates the file based on days, every day at 12:00 AM by default (DhcpSrvLog-Mon, DhcpSrvLog-Tue, ...).
Microsoft does not have any standards about logging. However, you can compile a list yourself of useful events that you would like to collect based on the following links:
Hope this helps
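The weekday-based rotation described in the answer above means each file name comes round again a week later, so a collector that remembers only a byte offset will skip or re-read records. The sketch below is an added example, not part of the original thread or of any McAfee or Microsoft tooling; the function names, the `.log` extension and the checkpoint layout are assumptions made for illustration.

```python
import os
from datetime import date, timedelta

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def dhcp_log_name(day, prefix="DhcpSrvLog", ext=".log"):
    """Name of the file the DHCP server writes on `day` (ext is an assumption)."""
    return f"{prefix}-{DAYS[day.weekday()]}{ext}"


def _read_from(path, offset):
    """Return (complete lines after offset, new offset); a partial last line waits."""
    if not os.path.exists(path):
        return [], offset
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # 0 when no complete line is available yet
    text = data[:end].decode("ascii", errors="replace")
    return text.splitlines(), offset + end


def collect(log_dir, today, checkpoint=None):
    """Return (unseen lines, new checkpoint).

    checkpoint is {"day": date, "offset": int} or None on the first run.
    """
    lines = []
    offset = 0
    if checkpoint and checkpoint["day"] == today:
        offset = checkpoint["offset"]  # same day: resume where we stopped
    elif checkpoint and timedelta(0) < today - checkpoint["day"] < timedelta(days=7):
        # Day changed: drain the tail of the previous day's file before its
        # weekday name is reused, then start today's file from byte 0.
        old = os.path.join(log_dir, dhcp_log_name(checkpoint["day"]))
        lines, _ = _read_from(old, checkpoint["offset"])
    # A gap of a week or more means the old file was already reused: start fresh.
    new, offset = _read_from(os.path.join(log_dir, dhcp_log_name(today)), offset)
    return lines + new, {"day": today, "offset": offset}
```

Persist the returned checkpoint between polls; if the collector is down for seven days or longer, the records written before the outage to the reused file cannot be recovered from disk.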