Sample SIEM Rules - 20


  • L2L - Event ID - 4865 - A trusted forest information entry was added. Generate an alert if triggered.
  • L2L - Event ID - 4866 - A trusted forest information entry was removed. Generate an alert if triggered.
  • L2L - Event ID - 4867 - A trusted forest information entry was modified. Generate an alert if triggered.
  • L2L - Event ID - 4816 - RPC detected an integrity violation while decrypting an incoming message. Generate an alert if triggered.
  • L2L - Event ID - 4906 - The CrashOnAuditFail value has changed. Generate an alert if triggered.
  • L2L - Event ID - 4621 - Administrator recovered system from CrashOnAuditFail. Generate an alert if triggered.
  • L2L - Event ID - 6145 - One or more errors occurred while processing security policy in the group policy objects. Generate an alert if triggered.
  • L2L - Event ID - 5038 - Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. Generate an alert if triggered.
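
The rule list above, sketched as detection logic over Windows event XML records. This is an added example, not code from the original post. The function names, the sample records and host names are constructed, and the Security-channel check is an assumption added here because event IDs are only unique within a channel.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Event IDs from the rule list above (descriptions shortened).
RULES = {
    4865: "Trusted forest information entry added",
    4866: "Trusted forest information entry removed",
    4867: "Trusted forest information entry modified",
    4816: "RPC integrity violation while decrypting an incoming message",
    4906: "CrashOnAuditFail value changed",
    4621: "Administrator recovered system from CrashOnAuditFail",
    6145: "Errors while processing security policy in group policy objects",
    5038: "Code integrity: image hash of a file is not valid",
}

def evaluate(event_xml):
    """Return an alert dict when a Security-channel event matches a rule, else None."""
    try:
        system = ET.fromstring(event_xml).find("e:System", NS)
    except ET.ParseError:
        return None  # malformed record: skip it rather than abort the batch
    if system is None or system.findtext("e:Channel", "", NS) != "Security":
        return None  # assumption: only Security-channel events are in scope
    raw_id = system.findtext("e:EventID", "", NS).strip()
    if not raw_id.isdigit() or int(raw_id) not in RULES:
        return None
    created = system.find("e:TimeCreated", NS)
    return {
        "event_id": int(raw_id),
        "rule": RULES[int(raw_id)],
        "computer": system.findtext("e:Computer", "unknown", NS),
        "time": created.get("SystemTime") if created is not None else None,
    }

def make_event(event_id, channel, computer):  # hypothetical helper for samples
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="2024-01-01T00:00:00Z"/>'
        f"<Channel>{channel}</Channel><Computer>{computer}</Computer></System></Event>"
    )

# Constructed sample input; host names are placeholders.
SAMPLE = [
    make_event(4624, "Security", "dc01.example.test"),     # not in the rule list
    make_event(4867, "Security", "dc01.example.test"),     # matches
    make_event(5038, "Application", "ws07.example.test"),  # right ID, wrong channel
    "<Event><System>",                                     # truncated record
]
ALERTS = [a for a in map(evaluate, SAMPLE) if a]
```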
Author

EAE
