Here is a quick brief description:
This guide is designed to help organizations plan a security monitoring and attack detection system based on Windows Security Event logs. It highlights how to interpret the events and which events indicate the possibility that an attack is in progress.
Overview
The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:
- Introduce the concepts of security monitoring and attack detection.
- List applications that can provide event log correlation.
- Describe best practice activities and processes for developing a security monitoring and attack detection system.
- Identify business, technical, and security issues for:
Detecting policy violations
Detecting external attacks
Implementing forensic analysis - Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
- Provide the ability to implement data retention for Forensic Analysis.
Download it and start reading it. If not all, some parts of it maybe useful, for sure. Imagine starting to understand Forensic Analysis using Windows Log!!