
OS >= Win2k8/Vista detailed auditing

Question asked by mcalvi on Dec 19, 2012
Latest reply on Dec 20, 2012 by Christophe Delaure

I know that in the 6.19 upgrade some QIDs were added for detailed security auditing, but there are still quite a few that are missing. Are there any plans to add the rest?

From what I can see, the ones that are missing are below.

Category/Subcategory

System
     Security System Extension
     System Integrity

Logon/Logoff
     Logoff
     Account Lockout
     IPsec Main Mode
     IPsec Quick Mode
     IPsec Extended Mode
     Other Logon/Logoff Events
     Network Policy Server

Object Access
     Kernel Object
     SAM
     Certification Services
     Application Generated
     Handle Manipulation
     File Share
     Filtering Platform Packet Drop
     Filtering Platform Connection
     Other Object Access Events
     Detailed File Share

Privilege Use
     Non Sensitive Privilege Use
     Other Privilege Use Events

Detailed Tracking
     DPAPI Activity
     RPC Events
     Process Creation

Policy Change
     Authorization Policy Change
     MPSSVC Rule-Level Policy Change
     Filtering Platform Policy Change
     Other Policy Change Events

Account Management
     Distribution Group Management
     Application Group Management
     Other Account Management Events

DS Access
     Directory Service Replication
     Detailed Directory Service Replication

Account Logon
     Kerberos Service Ticket Operations
     Other Account Logon Events
     Kerberos Authentication Service