2 Replies Latest reply on Feb 17, 2015 3:29 AM by ksudki

    SIEM auditing settings with Microsoft Servers


      Recently we have implemented McAfee Enterprise Security Manager SIEM to collect all events and logs from all network, servers, event viewer and other logs.

      I'm looking for what exact configurations should be made on Microsoft servers to enable audit, logging to be collected by SIEM.

      Does Microsoft have a standard on that, or a recommendation for each application? If I monitor an application and need to get the maximum logs, what configurations should be made in this app to get that?

      I did some research but I didn't get a clear or complete answer for that.

      Server list I have:

      • Exchange 2010 highly available
      • Active Directory 2008 / 2012
      • SQL Server 2008 / 2012
      • Hyper-V Servers 2010 / 2012
      • SharePoint Server 2010
      • DNS servers 2008
      • DHCP servers 2008


      Please, I don't know if some settings should be enabled or not, just to confirm!

      Appreciate support.