Good morning all,
We are trying to figure out how to get our administrators to create an audit log monitoring and review procedure. They need this to meet various NIST 800-53 controls. They need to be able to prove that they can monitor the following in accordance with mandated policy.
- Account Logon (Success, Failure) Domain Policy;
- Account Management (Success, Failure) Domain Policy;
- Directory Service Access (Success, Failure) Domain Policy;
- Logon Events (Success, Failure) Domain Policy;
- Object Access (Success, Failure) Domain Policy;
- Policy Change (Success Failure) Domain Policy;
- Privilege Usage (Failure) Domain Policy;
- System Events (i.e. starting, stopping) (Success, Failure); and
- Date stamps.
Is there a script, checklist, or something that would aid in this?
Thanks all!