creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/configuring-windows-event-logging-for-detection/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.5 KiB
Raw Blame History

Windows Event Logging for Detection — API Reference

Key PowerShell Cmdlets

Cmdlet Description
auditpol /get /category:* View advanced audit policy
auditpol /set /subcategory:"Process Creation" /success:enable Enable audit subcategory
Get-WinEvent -ListLog * List available event logs
wevtutil sl Security /ms:1073741824 Set Security log max size to 1 GB

Critical Event IDs for Detection

Event ID Log Description
4624/4625 Security Successful/failed logon
4662 Security Directory service object access
4688 Security Process creation (with command line)
4698 Security Scheduled task created
4720 Security User account created
4732 Security Member added to security group
4768/4769 Security Kerberos TGT/service ticket
1 Sysmon Process creation with hashes
3 Sysmon Network connection
7 Sysmon Image loaded (DLL)
11 Sysmon File creation
4104 PowerShell Script block logging

Recommended Log Sizes

Log Minimum Size
Security 1 GB
Sysmon/Operational 512 MB
PowerShell/Operational 256 MB
System 256 MB

External References

Reference in New Issue View Git Blame Copy Permalink