Network Security Focus-Microsoft

Re: Security Audit Correlating

Subject: Re: Security Audit Correlating
Date: Thu, 16 Dec 2004 18:47:29 -0500
Hello Jose,

I am not sure if this will fit all of your bill, but you may want to look at my log centralising and analysis software LogAgent (http://securit.iquebec.com). It will analyse your event viewer logs in real time, so you can set filters for specific object access, account usage or event type, and it will convert your event viewer logs to ASCII at the same time.

As for the correlating, it is probably possible to use one of the consoles I designed (LogIDS or LogMonitor) by converting your tickets to ASCII. Or maybe the extractor side-tool I wrote with these consoles is better suited to your needs. If you think that these things could help you, but the correlating does not exactly satisfy you, let me know and I can probably write you something customized to your needs, that is, if you cannot find anything else around.

Feel free to contact me if you have any questions regarding these tools.

Adam Richard
SecurIT Informatique Inc.

At 02:54 PM 16/12/2004, Jose Costa wrote:
Hi all,

Currently we are outsourcing our account creation,
password unlock/modify, folder creation/access control
and Internet/Applications Access Control to a third
company and we need some audit and reports. We use AD
running on W2K Server.

Basically what we want to do is to activate GPO
Account Management and Object Access and create some
users with Admin/Account Operators rights and log
their object access on File Servers top folders and
account management tasks.

After that, we need to do some correlating with Help
Desk Tickets, based on time. We will audit that with
samples, not all logs or tickets.

The target is to discover if these accounts were used
without a help desk ticket, or they were used more
than they should be, based on the ticket.

My idea is to export both (event viewer and help desk
tickets) to a .txt, .csv, etc. file and compare them.
After that generate a report. I'd like to make some
automation for that...

Are there any best practices, samples or papers for that?

Any input or experience regarding it will be
appreciated.

Best Regards,

Jose Luiz
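The correlation Jose describes (export the Security event log and the help desk tickets to CSV, match them by operator account and time, and report accounts used without a ticket or more than the ticket warrants) can be automated in a few dozen lines. The script below is an added example for this thread, not code from either poster or from the LogAgent/LogIDS tools. It assumes both exports are CSV with the column names shown, that ticket windows are opened/closed timestamps with an expected number of privileged actions, and that the event IDs are those of the Windows 2000 security log (624 user account created, 628 password set, 642 account changed, 560 object open). The sample rows are constructed.

```python
"""Correlate exported Windows Security event log rows with help desk
tickets by operator account and time.

Flags two conditions from the thread:
  * a privileged event (account management or object access) by an
    operator with no ticket covering that moment, and
  * a ticket under which more privileged events occurred than it
    authorised.
Column names, ticket schema and event IDs are assumptions for this
example; the CSV text below is constructed sample data.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export of the Security log (operator = account that did it).
EVENTS_CSV = r"""time,event_id,operator,detail
2004-12-16 09:05:00,624,svc_helpdesk1,created user jsmith
2004-12-16 09:06:30,628,svc_helpdesk1,password set jsmith
2004-12-16 11:40:00,628,svc_helpdesk2,password set mlopez
2004-12-16 11:41:00,628,svc_helpdesk2,password set rkhan
2004-12-16 11:42:00,628,svc_helpdesk2,password set tchen
2004-12-16 15:20:00,560,svc_helpdesk1,open \\fs01\Finance
"""

# Constructed help desk export: who was assigned, the ticket's open/close
# window, and how many privileged actions the request should have needed.
TICKETS_CSV = """ticket,operator,opened,closed,expected_events
HD-1001,svc_helpdesk1,2004-12-16 08:55:00,2004-12-16 09:30:00,2
HD-1002,svc_helpdesk2,2004-12-16 11:30:00,2004-12-16 12:00:00,1
"""

FMT = "%Y-%m-%d %H:%M:%S"
ACCOUNT_MGMT = {624, 628, 642}   # assumed Windows 2000 account management IDs
OBJECT_ACCESS = {560}            # assumed Windows 2000 "Object Open"
PRIVILEGED = ACCOUNT_MGMT | OBJECT_ACCESS


def parse_events(text):
    """Parse the event export into dicts with a real datetime."""
    return [{"time": datetime.strptime(r["time"], FMT),
             "event_id": int(r["event_id"]),
             "operator": r["operator"],
             "detail": r["detail"]}
            for r in csv.DictReader(io.StringIO(text))]


def parse_tickets(text):
    """Parse the ticket export; window bounds become datetimes."""
    return [{"ticket": r["ticket"],
             "operator": r["operator"],
             "opened": datetime.strptime(r["opened"], FMT),
             "closed": datetime.strptime(r["closed"], FMT),
             "expected_events": int(r["expected_events"])}
            for r in csv.DictReader(io.StringIO(text))]


def correlate(events, tickets, slack=timedelta(minutes=10)):
    """Return (unticketed, overused).

    unticketed: privileged events with no ticket for that operator whose
                window (widened by `slack`) contains the event time.
    overused:   (ticket, seen, expected) for tickets that attracted more
                privileged events than they authorised.
    """
    by_operator = defaultdict(list)
    for t in tickets:
        by_operator[t["operator"]].append(t)
    matched = defaultdict(list)   # ticket id -> events attributed to it
    unticketed = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] not in PRIVILEGED:
            continue
        covering = [t for t in by_operator[ev["operator"]]
                    if t["opened"] - slack <= ev["time"] <= t["closed"] + slack]
        if not covering:
            unticketed.append(ev)
        else:
            # Attribute to the earliest-opened covering ticket.
            covering.sort(key=lambda t: t["opened"])
            matched[covering[0]["ticket"]].append(ev)
    overused = [(t["ticket"], len(matched[t["ticket"]]), t["expected_events"])
                for t in tickets
                if len(matched[t["ticket"]]) > t["expected_events"]]
    return unticketed, overused


def report(unticketed, overused):
    """One line per finding, ready to write to a text report."""
    lines = [f"NO TICKET  {ev['time']:{FMT}} {ev['operator']} "
             f"event {ev['event_id']}: {ev['detail']}" for ev in unticketed]
    lines += [f"OVER USE   {ticket}: {seen} privileged events, "
              f"ticket authorised {expected}"
              for ticket, seen, expected in overused]
    return lines


if __name__ == "__main__":
    un, over = correlate(parse_events(EVENTS_CSV), parse_tickets(TICKETS_CSV))
    print("\n".join(report(un, over)))
```

On the sample data the two account management events under HD-1001 are within the ticket's expected count, the three password resets by svc_helpdesk2 exceed what HD-1002 authorised, and the afternoon folder access by svc_helpdesk1 has no ticket at all. The `slack` parameter absorbs clock drift between the domain controller and the ticketing system; widen or narrow it to match the audit's tolerance, and note that an operator with two overlapping tickets will have events attributed to the earlier one.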