Microsoft Server with McAfee SIEM auditing settings
Hi,
Recently we have implemented McAfee Enterprise Security Manager SIEM to collect all events and logs from all network, servers, Event Viewer and other logs.
I'm looking for the exact configuration that should be made on Microsoft servers to enable auditing and logging to be collected by the SIEM.
Does Microsoft have a standard or recommendation on that for each application? If I monitor an application and need to get the maximum logs, what configuration should be made in that application to get that?
I did some research but I didn't get a clear or complete answer for that.
The list of servers I have:
Exchange 2010 highly available
Active directory 2008 / 2012
SQL server 2008 / 2012
Hyper-V Servers 2010 / 2012
SharePoint Server 2010
DNS servers 2008
DHCP servers 2008
Thanks
These ones may help. For more info I'd ask in a TechNet/MSDN forum for that specific technology.
https://technet.microsoft.com/en-us/library/dd335144(v=exchg.150).aspx
https://technet.microsoft.com/en-us/library/dn487457.aspx
https://technet.microsoft.com/en-us/library/cc280505(v=sql.105).aspx
https://support.office.microsoft.com/en-us/article/Configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2?CorrelationId=a54f4b90-d3d3-48b1-8d19-8dfaa268e835&ui=en-US&rs=en-US&ad=US
http://blogs.technet.com/b/yuridiogenes/archive/2008/03/06/auditing-a-dns-zone.aspx
https://technet.microsoft.com/en-us/library/cc758251(v=ws.10).aspx
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Similar Messages
-
Microsoft Servers with McAfee SIEM auditing settings
Appreciate support.
Thanks for updating,
McAfee provided how to configure and how to integrate, but we still need a baseline of which settings should be enabled and which shouldn't, for example the AD audit settings on GPO (based on Microsoft recommendation). On this recommendation, McAfee said whatever audit settings and logs I will collect.
I do not know any recommended setting from Microsoft. You may have to experiment on your own.
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Static IP-ed server with Airport Extreme 802.11ac
Howdy, y'all, In support of an app for remote users, we wanna expose a Win server using a static IP from our cable provider. The ISP has provided us with the static IPs, DNS IPs and a gateway IP. At the moment, the Win server is on a subnet routed by our new Airport Extreme 802.11ac receiving a reserved IP. If I configure the Win server with the static IP settings from the ISP, there's no Internet connectivity because the gateway IP is a different subnet. When I connect the Win server directly to the cable modem and bypass the Airport Extreme, the Win server has Internet connectivity. I suspect that I'll hafta use a separate switch between the cable modem and the Airport Extreme for the Win server. I think that we'll then have departmental Wi-Fi routed by the Airport Extreme. Any other suggestions? Thanks much.
Do you only have a single IP??
If so you cannot give that IP to the win server.. then you have no other network connection.. or internet from other clients.
But you can simply put the Win server with a static LAN ip set via dhcp reservations and then set the win server as the default host.. all packet incoming to the public IP are then passed to the Win Server.
DHCP reservation on the network tab of the airport utility.
Default host is under Network options.
You will still use the AE as main router and set wan to either dhcp which should work fine or the static IP. -
BPC 7 (Microsoft) installed with incorrect regional settings
Hello experts
We have just established that our operating system was installed using the regional setting English (UK) instead of English (US). The symptom we currently have is that in the Report Library we get an error when sorting by date. We have been running BPC for around 4 months now and this is the only problem relating to dates that we have noticed.
We have been advised that the only way to correct this problem is to reinstall the operating system, SQL server and BPC.
Has anyone else experienced this problem? Re-installing everything seems like a major undertaking for what appears to be such a small problem. What other problems are we likely to have in the future if we don't reinstall everything?
We are running a single server with:
- Windows 2003 Server R2 Enterprise Edition
- SQL Server Enterprise 2008
- BPC 7.0 (Microsoft) SP04
Any advice gratefully accepted.
Thanks
Tamara
Hi, you don't need to reinstall.
You just have to do the following steps:
1. Open Control Panel - Regional and Language Options
Advanced section - Select English US reg settings and select check box: "Apply the current settings to default user...."
Press Apply and OK.
2. Open Registry Editor using the regedit command (on the command line)
Go to HKEY_USERS- .Default- Control Panel - International and make sure you now have English US settings.
If you have, then export this key International into a file, US.reg
Check all keys from HKEY_USERS- S-1-......- Control Panel - International
If any of these keys is not English US, then edit the US.reg and replace .Default with S-1-....
for all occurrences.
This will solve your issue.
Another solution is actually to change for all keys from HKEY_USERS
.Default - Control Panel - International all the date format to be US format not UK format.
But this is a more dangerous change and it was not completely tested.
I suggest the first one, which was tested for other customers.
I hope this will help you.
Sorin Radulescu -
Support configuring PlayBook on a Microsoft VPN with default settings
We have a Microsoft VPN running at work. I can connect to it from any Windows 7 PC with the default VPN settings. How can I configure the PlayBook to connect to the VPN. I have had no success after trying various settings.
Can anyone shed some insight into the correct settings - I too am attempting to get a VPN operational against a standard Microsoft Server VPN.
Is there something that I need to be able to ask IT ? where should I look ?
When I configure a new win 7 laptop all I need is the URL of the VPN server... -
I am trying to restore the .bak file into a new site collection in my SP 2010 standalone environment.
I am getting an error:
PS C:\Windows\system32> stsadm -o restore -url http://srvr1-01:123/sites/Repository -filename "C:\mBKUPCOPY\Sharepoint_bankup.bak"
STSADM.EXE : Your backup is from a different version of Microsoft SharePoint Foundation and cannot be restored to a server running
the current version. The backup file should be restored to a server with version '12.0.0.6318' or later.
At line:1 char:1
+ stsadm -o restore -url http://srvr1-01:123/sites/Repository -filename "C: ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Your backup is ...6318' or later.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
As stated in the other thread on this topic you can't restore a 2007 backup to 2010, it needs to be upgraded.
https://social.technet.microsoft.com/Forums/en-US/31c70f0a-5d89-4308-895b-af0c2b249114/restore-the-site-collection-from-moss-2007-to-sp-2010-site-collec?forum=sharepointadminprevious -
Microsoft Server 2008 R2 CA with DMVPN
Hi,
I want to use a Microsoft Server 2008 R2 Certificate Authority server with DMVPN instead of a preshared key, so that the certificate server is used when spokes connect to the hub. Can I do it, and if that is possible, what do I need to do?
Thank you,
Regards,
Hi,
Good to hear that and thanks for your feedback.
Have a good day!
Best regards,
Susie -
Can I do this with Microsoft Server 2012
Please can you help. I have a Dell 7610 workstation. My main server is a Netgear NAS rnd2000 which I would like to replace with a Dell T420 server. For that I will need a microsoft server software package. I would like to set it up like this:
Work off the workstation hard drive. That backs up automatically to the Dell T420 server which I can also access remotely when off site. As added security I would then like the Dell server to automatically back itself up to the old Netgear server which is locked in a more secure location.
Can I do this and which Microsoft product do I need to purchase ? Is it also possible to sync my second back up computer in as well somehow so that I can use either computer and everything is synchronised ?
Regards,
John Bowden
Should be able to do it with out-of-the-box components. Of course, you will still need whatever Netgear software is required to use their device. Depending upon how much you want to make automatic, you could go so far as to set up Direct Access on the Windows Server and configure your workstation to store its files directly on the Windows Server. When you are connected to the internet, you have access to your files and they are automatically synchronized on the host. When not connected to the network, you are working on local file copies.
Then on the server set up a task that backs up to the Netgear box.
Again, nothing additional from Microsoft.
. : | : . : | : . tim -
Our iMac isn't loading a specific website (we get a message saying it can't connect to that specific server), regardless of browser (I've tried it in Chrome, Safari, and Firefox). However, the same website, which is for a major medical provider, loads without any issue on our other computers on the same wireless network. Is it an issue with the iMac's settings? All other websites seem to be loading without issue on the iMac.
... Is it an issue with the iMac's settings?
Possibly. Make sure you are not using a proxy server. Look in Safari Preferences > Advanced > Proxies > "Change Settings..." This will take you to the applicable Network Preferences. Make sure that nothing is selected in the "select a protocol to configure" list. It should look like this:
Still not working?
Locate your Terminal app. It is in your Utilities folder. Open Terminal.
In Terminal, copy (triple-click) and paste the following line:
osascript -e 'tell application "System Events" to get name of every login item'
This will produce a list of all your account login items.
While you are in Terminal, copy (triple-click) and paste the following line:
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
This will produce a list of all non-Apple kernel extensions. There will be few, if any.
Post the results of the above. -
Hi Oracle Gurus!
Currently, I am designing an ETL solution that transforms and loads a lot of data from flat files and sends it to an SQL Server 2008 R2 database for storage. However, at a future point of time, it may be decided to add or even replace SQL Server with an Oracle 11g database.
Currently, I am writing script transforms in C# to dynamically generate SSIS packages to transform and load the data into SQL Server. But considering that in future, an Oracle 11g or 12c database might be added to, or replace the SQL Server database, how do I make my script transforms (or whatever else I am developing currently for SQL Server) reusable to the extent possible?
Or more precisely, what steps do I take, from an Oracle point of view, to ensure that any future migration of data to an Oracle database would be smooth to the extent possible?
Looking up to my Oracle Gurus for enlightenment in this matter!
Novice Kid
When you're writing your own C# code to load data into the SQL Server you have to modify the routines so that they will work with Oracle.
One approach is to use the extproc agent which would allow you to directly call external programs with all the logic in it to perform the load of your files and to put the data into the Oracle database. Another option would be to use utl_file package (or equivalents) which will allow you to open external files from your Oracle database and to directly read its content and then to pass it to the related tables. -
MicroSoft Content Management Server with WL Portal 10
Hello,
Has anyone got experience with integrating MS Content Management Server with the BEA WL Portal 10?
Do I need to develop a custom SPI?
Comments, issues, opinions?
Best Regards,
Zarco
------- Pallav Tandon wrote on 1/18/05 1:37 PM -------
Can you elaborate more on the type of integration you are looking for? We have done integration at portlet level, crawler level etc. for MCMS. I can share my experiences if you can provide some direct queries.
Hi Pallav, we are also contemplating integration of MSCMS 2002 with plumtree. Can you describe what types of integration you have done?
- Brandt -
How to link Microsoft server 2012 with my windows app.
I have created an app which describes my university and I want to link a Microsoft Server 2012 machine so that I can send updates to the app users at any instance of time. I am using JavaScript to code my app ..... I am very new so please help!!!!
Thanks in advance....
Hi Manojit
Thank you for posting in the MSDN forum.
Since the Visual Studio General Forum discusses Visual Studio IDE usage, I’m afraid that it is not the correct forum for this issue.
To help you find the correct forum, could you please tell us which kind of app you created? Is it a WinForm app or other? What does “Link Microsoft server 2012” mean in your app?
Thanks for your understanding.
Best Regards,
-
Problems with Microsoft Server Update Service (WSUS)
Hi,
Anyone experienced similar?
The Microsoft Server Update Service (http://www.microsoft.com/windowsserversystem/updateservices/default.mspx) can be set up to use an ordinary proxy server.
But it cannot connect through Web Proxy Server 4.0.2. If I shift to a Squid Proxy Server everything is just fine and patches are downloaded right away!
Seems like a Sun Proxy problem?
Regards,
Kasper Løvschall
BTW: Any news on the release date of version 4.0.3?
Thanks! Looking forward to the release...
Regards
Kasper -
Hello,
We have requirement to modify Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job.
I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on a number of servers which are not in a domain. There are around 15 folders on which I need to enable Auditing; manually editing folder advanced permissions is a cumbersome job. Hence, I am looking for command line options.
I need to know how a command can be utilised to enable the Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to know the command hence, please do not re-direct me to scripting forum)
Manually through GUI, I am setting following.. snaps are given below
Thanks !
You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
Thanks, but I guess auditpol can be used only to manipulate system audit policies. How do I specify a folder and user in auditpol? I could not find or understand how a folder can be included with auditpol command line options.
Thanks ! -
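Per-folder audit entries are stored in each folder's SACL, which PowerShell can edit through `Get-Acl -Audit` and `Set-Acl`. The following is an added example, not part of the original thread; the folder paths, the audited principal and the chosen rights are assumptions to replace with your own.

```powershell
# Added example. Run from an elevated PowerShell prompt on each server.
# Assumptions: the folder paths and the audited principal are placeholders.
$folders   = @('D:\Shares\Finance', 'D:\Shares\HR')
$principal = 'Everyone'

# Audit changes rather than reads, to keep the Security log volume manageable.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$outcome   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

foreach ($folder in $folders) {
    if (-not (Test-Path -Path $folder -PathType Container)) {
        Write-Warning "Skipping $folder (folder not found)"
        continue
    }

    # -Audit loads the SACL; without it Get-Acl returns only the DACL.
    $acl  = Get-Acl -Path $folder -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
                $principal, $rights, $inherit, $propagate, $outcome)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $folder -AclObject $acl

    # Read the SACL back to confirm the entry was written.
    (Get-Acl -Path $folder -Audit).Audit |
        Select-Object IdentityReference, FileSystemRights, AuditFlags, IsInherited
}

# SACL entries only produce Security log events when the "File System"
# object-access subcategory is being audited on the machine.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /subcategory:"File System"
```

The resulting events land in the Security log, which is the channel a SIEM collector would read.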
Error at RSOP while trying to set Audit settings via GPO
Hello,
I've configured Audit Policy via GPO, and when I run RSOP on the Server 2008 R2 I get an X with the error "the policy engine did not attempt to configure the setting. For more information, see %windir%\security\logs\winlogon.log on the target machine."
Please help???
Hi,
This problem may occur if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled. To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: Disable the policy setting by using Group Policy Object Editor
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
Method 2: Disable the policy setting by using Registry Editor
Note: Please back up the registry key before modifying it.
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
2. Right-click SCENoApplyLegacyAuditPolicy, and then click Modify.
3. Type 0 in the Value data box, and then click OK.
Restart the computer after you make the change.
For more information, please refer to:
Security auditing settings are not applied to Windows Vista-based and Windows Server 2008-based computers when you deploy a domain-based policy
http://support.microsoft.com/kb/921468/en-us
RSOP: the policy engine did not attempt to configure the setting
http://social.technet.microsoft.com/Forums/en-AU/winserverGP/thread/fde42cfc-bb74-4e11-8b60-c1a3cb5d80ed
If the problem still continues, please check the %windir%\security\logs\winlogon.log and reply with the information in this log.
Regards,
Bruce
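Method 2 above, scripted with the backup and a verification step. This is an added PowerShell example, not part of the original reply; the backup file location is an assumption.

```powershell
# Added example. Run from an elevated PowerShell prompt on the affected server.
$lsaPs  = 'HKLM:\System\CurrentControlSet\Control\Lsa'   # PowerShell provider path
$lsaReg = 'HKLM\System\CurrentControlSet\Control\Lsa'    # same key, reg.exe syntax
$name   = 'SCENoApplyLegacyAuditPolicy'
$backup = Join-Path $env:TEMP 'lsa-before-change.reg'    # assumed backup location

# Back up the key before modifying it.
reg.exe export $lsaReg $backup /y | Out-Null
Write-Output "Backup written to $backup"

# Only change the value if it exists and is not already 0.
$item = Get-ItemProperty -Path $lsaPs -Name $name -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output "$name is not present on this machine."
} elseif ($item.$name -eq 0) {
    Write-Output "$name is already 0; no change made."
} else {
    Set-ItemProperty -Path $lsaPs -Name $name -Value 0
    Write-Output "$name changed from $($item.$name) to 0. Restart the computer."
}

# After the restart and a policy refresh, review what is actually in effect
# and the end of the log that the RSOP error message points to.
auditpol /get /category:*
Get-Content "$env:windir\security\logs\winlogon.log" | Select-Object -Last 20
```

If the Group Policy setting named in Method 1 is still enabled in a GPO that applies to the server, the value is written back at the next policy refresh, so change it there as well.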