Security Audit Correlating

From: Jose Costa (joselpcosta_at_yahoo.com.br)
Date: 12/16/04

    Date: Thu, 16 Dec 2004 16:54:53 -0300 (ART)
    To: focus-ms@securityfocus.com
    
    

    Hi all,

    Currently we are outsourcing our account creation,
    password unlock/modify, folder creation/access control
    and Internet/Applications Access Control to a third
    company and we need some audit and reports. We use AD
    running on W2K Server.

    Basically what we want to do is to activate GPO
    Account Management and Object Access and create some
    users with Admin/Account Operators rights and log
    their object access on File Servers top folders and
    account management tasks.

    After that, we need to do some correlating with Help
    Desk Tickets, based on time. We will audit that with
    samples, not all logs or tickets.

    The target is to discover if these accounts were used
    without a help desk ticket, or they were used more
    than they should be, based on the ticket.

    My idea is to export both (event viewer and help desk
    tickets) to a .txt, .csv, etc. file and compare them.
    After that generate a report. I'd like to make some
    automation for that...

    Are there any best practices, samples, or papers for that?

    Any input or experience regarding it will be
    appreciated.

    Best Regards,

    Jose Luiz
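
One way to automate the time-based comparison described in the message above, as an added example that is not part of the original post. The CSV column names, account names, ticket numbers, per-ticket action allowance and the 10-minute slack are all assumptions made for illustration, and the sample rows are constructed.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample exports; column names are assumptions, not a real tool's format.
# Event IDs are Windows 2000 security IDs: 624 account created, 628 password set, 560 object open.
EVENTS_CSV = """time,event_id,operator,target
2004-12-15 09:05:00,624,op_alice,jsmith
2004-12-15 09:06:30,628,op_alice,jsmith
2004-12-15 14:20:00,628,op_bob,mjones
2004-12-15 14:25:00,628,op_bob,mjones
2004-12-15 22:40:00,560,op_bob,finance
"""
TICKETS_CSV = """ticket,operator,target,opened,closed,allowed
HD-1001,op_alice,jsmith,2004-12-15 09:00:00,2004-12-15 09:30:00,2
HD-1002,op_bob,mjones,2004-12-15 14:15:00,2004-12-15 14:45:00,1
"""
FMT = "%Y-%m-%d %H:%M:%S"
SLACK = timedelta(minutes=10)  # assumed tolerance for clock drift and late ticket updates

def load(text, time_cols):
    """Parse a CSV export and convert the named columns to datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        for c in time_cols:
            r[c] = datetime.strptime(r[c], FMT)
    return rows

def correlate(events, tickets):
    """Return (events with no covering ticket, {ticket: count} where use exceeded allowance)."""
    unticketed, used = [], Counter()
    for e in events:
        match = next((t for t in tickets
                      if t["operator"].lower() == e["operator"].lower()
                      and t["target"].lower() == e["target"].lower()
                      and t["opened"] - SLACK <= e["time"] <= t["closed"] + SLACK), None)
        if match is None:
            unticketed.append(e)          # privileged action with no ticket in the window
        else:
            used[match["ticket"]] += 1
    excess = {t["ticket"]: used[t["ticket"]] for t in tickets
              if used[t["ticket"]] > int(t["allowed"])}
    return unticketed, excess

def report():
    return correlate(load(EVENTS_CSV, ["time"]), load(TICKETS_CSV, ["opened", "closed"]))

if __name__ == "__main__":
    unticketed, excess = report()
    for e in unticketed:
        print("NO TICKET:", e["time"], e["event_id"], e["operator"], e["target"])
    for ticket, n in excess.items():
        print("EXCESS USE:", ticket, "actions logged:", n)
```

For sampled audits, feed only the selected tickets and the events from the same date range, otherwise every event outside the sample is reported as unticketed.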

            
            
                    

