Anthropic-Cybersecurity-Skills/skills/configuring-windows-event-logging-for-detection/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00
# Windows Event Logging for Detection — API Reference
## Key Commands
| Command | Description |
|---------|-------------|
| `auditpol /get /category:*` | View the effective advanced audit policy (add `/r` for CSV output) |
| `auditpol /set /subcategory:"Process Creation" /success:enable` | Enable success auditing for one subcategory |
| `Get-WinEvent -ListLog *` | List available event logs with their maximum size, log mode and enabled state |
| `wevtutil sl Security /ms:1073741824` | Set the Security log maximum size to 1 GB (1073741824 bytes) |

`auditpol` and `wevtutil` are native executables rather than cmdlets; they run unchanged from an elevated PowerShell prompt. Event 4688 only carries the command line when the policy "Include command line in process creation events" is enabled (registry value `ProcessCreationIncludeCmdLine_Enabled` = 1 under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit`). Local `auditpol /set` changes are overwritten at the next policy refresh if a GPO defines advanced audit policy for the host.
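The following script is an added example, not code from the original skill: it enables the audit subcategories that produce the Security events listed on this page, turns on command-line capture for 4688, and then verifies the result by parsing `auditpol /get /r` CSV output instead of scraping the table view. The subcategory list and the success/failure choices are the author's assumptions for a typical workstation or member server; the Directory Service and Kerberos subcategories only produce events on domain controllers.

```powershell
# Added example (not the original skill's code). Run from an elevated prompt.
#Requires -RunAsAdministrator

# Subcategory names must match `auditpol /list /subcategory:*` exactly.
# Success/failure choices below are assumptions for a general-purpose host.
$Subcategories = @(
    @{ Name = 'Logon';                             Success = $true; Failure = $true  }   # 4624 / 4625
    @{ Name = 'Process Creation';                  Success = $true; Failure = $false }   # 4688
    @{ Name = 'Directory Service Access';          Success = $true; Failure = $false }   # 4662 (DCs only)
    @{ Name = 'Other Object Access Events';        Success = $true; Failure = $false }   # 4698
    @{ Name = 'User Account Management';           Success = $true; Failure = $true  }   # 4720
    @{ Name = 'Security Group Management';         Success = $true; Failure = $true  }   # 4732
    @{ Name = 'Kerberos Authentication Service';   Success = $true; Failure = $true  }   # 4768 (DCs only)
    @{ Name = 'Kerberos Service Ticket Operations'; Success = $true; Failure = $true }   # 4769 (DCs only)
)

foreach ($s in $Subcategories) {
    $succ = if ($s.Success) { 'enable' } else { 'disable' }
    $fail = if ($s.Failure) { 'enable' } else { 'disable' }
    & auditpol.exe /set /subcategory:"$($s.Name)" /success:$succ /failure:$fail | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for subcategory '$($s.Name)'" }
}

# 4688 carries the command line only when this policy value is set
# (Group Policy: "Include command line in process creation events").
$AuditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $AuditKey -Force | Out-Null
Set-ItemProperty -Path $AuditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

function Get-EffectiveAuditPolicy {
    # `auditpol /get /r` emits CSV with a "Subcategory" and an "Inclusion Setting"
    # column; parse it so the check does not depend on the human-readable layout.
    & auditpol.exe /get /category:* /r | ConvertFrom-Csv
}

# Verify: print each requested subcategory with its effective inclusion setting
# and warn about any that auditpol does not report.
$policy = Get-EffectiveAuditPolicy
foreach ($s in $Subcategories) {
    $row = $policy | Where-Object { $_.Subcategory -eq $s.Name }
    if (-not $row) { Write-Warning "Subcategory '$($s.Name)' not found in auditpol output"; continue }
    '{0,-38} {1}' -f $s.Name, $row.'Inclusion Setting'
}
```

If the host still receives legacy category-level audit settings from a GPO, enable "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" so the subcategory values set here are not superseded.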
## Critical Event IDs for Detection
| Event ID | Log | Description |
|----------|-----|-------------|
| 4624/4625 | Security | Successful/failed logon |
| 4662 | Security | Directory service object access |
| 4688 | Security | Process creation (command line present only when "Include command line in process creation events" is enabled) |
| 4698 | Security | Scheduled task created |
| 4720 | Security | User account created |
| 4732 | Security | Member added to a security-enabled local group (4728 for global, 4756 for universal groups) |
| 4768/4769 | Security | Kerberos TGT/service ticket |
| 1 | Sysmon | Process creation with hashes |
| 3 | Sysmon | Network connection |
| 7 | Sysmon | Image loaded (DLL); not logged unless the Sysmon config enables ImageLoad, and high-volume if unfiltered |
| 11 | Sysmon | File creation |
| 4104 | Microsoft-Windows-PowerShell/Operational | Script block logging (requires the "Turn on PowerShell Script Block Logging" policy; PowerShell 5.1+ still writes Warning-level 4104s for blocks it deems suspicious when the policy is off) |
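The following script is an added example, not code from the original skill: it pulls 4688, Sysmon 1 and 4104 events with `Get-WinEvent`, flattens each event's `EventData` into a hashtable keyed by the `Data/@Name` attributes, and flags command lines that match a handful of execution patterns. The patterns and the Office parent list are the author's illustrative choices, not a vetted ruleset, and the embedded 4688 record is constructed so the parser and rules can be exercised offline. Reading the Security channel requires administrator rights or membership in Event Log Readers.

```powershell
# Added example (not the original skill's code).

function ConvertFrom-EventXml {
    # Flatten event XML (as returned by EventLogRecord.ToXml()) into a hashtable
    # keyed by the Data/@Name attributes, plus Id, Log and Time from <System>.
    param([Parameter(Mandatory)] [string] $Xml)
    $x  = [xml]$Xml
    $id = $x.Event.System.EventID
    if ($id -is [System.Xml.XmlElement]) { $id = $id.'#text' }   # EventID carrying a Qualifiers attribute
    $e = @{ Id = [int]$id; Log = $x.Event.System.Channel; Time = $x.Event.System.TimeCreated.SystemTime }
    foreach ($d in @($x.Event.EventData.Data)) {
        if ($d.Name) { $e[$d.Name] = $d.'#text' }                 # skip unnamed Data elements
    }
    $e
}

# Illustrative patterns (assumption, not a vetted ruleset): encoded PowerShell,
# in-memory download/decode, and two LOLBin download/script-host abuses.
$SuspiciousPatterns = @(
    '\s-e[a-z]*\s+[A-Za-z0-9+/=]{20,}',
    'IEX|Invoke-Expression|DownloadString|FromBase64String',
    'certutil(\.exe)?\s.*-urlcache',
    'rundll32(\.exe)?\s.*javascript:'
)
$OfficeParents = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'

function Test-SuspiciousEvent {
    # Return the reasons an event looks suspicious; an empty result means clean.
    param([Parameter(Mandatory)] [hashtable] $E)
    $reasons = @()
    $cmd    = switch ($E.Id) { 4688 { $E.CommandLine } 1 { $E.CommandLine } 4104 { $E.ScriptBlockText } default { '' } }
    $parent = switch ($E.Id) { 4688 { $E.ParentProcessName } 1 { $E.ParentImage } default { $null } }
    if ($E.Id -eq 4688 -and -not $cmd) {
        # Command-line auditing is off on the host that produced this event; nothing to match.
        return @('empty CommandLine in 4688: enable "Include command line in process creation events"')
    }
    foreach ($p in $SuspiciousPatterns) {
        if ($cmd -match $p) { $reasons += "command matches /$p/" }
    }
    if ($parent -and ($OfficeParents -contains (Split-Path -Leaf $parent).ToLowerInvariant())) {
        $reasons += "spawned by Office application $parent"
    }
    $reasons
}

# Constructed sample 4688 (not a real capture) so the parser and rules can be
# exercised offline; the base64 payload is arbitrary.
$Sample4688 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4688</EventID>
    <TimeCreated SystemTime="2026-03-11T00:22:12.000000000Z"/>
    <Channel>Security</Channel>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="NewProcessName">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="ParentProcessName">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA</Data>
  </EventData>
</Event>
'@
$sample = ConvertFrom-EventXml $Sample4688
Test-SuspiciousEvent $sample     # lists the reasons matched for the constructed record

# Live query over the last 24 hours. FilterHashtable takes one LogName per call,
# so each channel is queried separately; -ErrorAction hides "no events found".
$since   = (Get-Date).AddHours(-24)
$queries = @(
    @{ LogName = 'Security';                                 Id = 4688; StartTime = $since }
    @{ LogName = 'Microsoft-Windows-Sysmon/Operational';     Id = 1;    StartTime = $since }
    @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since }
)
foreach ($q in $queries) {
    Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-EventXml $_.ToXml() } |
        ForEach-Object {
            $why = Test-SuspiciousEvent $_
            if ($why) {
                [pscustomobject]@{ Time = $_.Time; Log = $_.Log; Id = $_.Id; User = $_.SubjectUserName; Reasons = ($why -join '; ') }
            }
        }
}
```

The parser works on the raw XML rather than on `Properties[n]` indexes because the Security, Sysmon and PowerShell providers lay out `EventData` differently; keying by the `Name` attribute keeps one function usable across all three channels, and the 4688-without-command-line branch surfaces hosts where the audit policy from the previous section has not been applied.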
## Recommended Log Sizes
| Log | Minimum Size |
|-----|-------------|
| Security | 1 GB |
| Microsoft-Windows-Sysmon/Operational | 512 MB |
| Microsoft-Windows-PowerShell/Operational | 256 MB |
| System | 256 MB |
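The following script is an added example, not code from the original skill: it applies the minimum sizes in the table above with the same `wevtutil sl` command shown earlier, only raising logs that are currently smaller, re-enables any channel that is disabled, and reports the live configuration read back through `Get-WinEvent -ListLog`. The size values are this page's minimums; treat them as a floor and raise them for busy hosts.

```powershell
# Added example (not the original skill's code). Run from an elevated prompt.
#Requires -RunAsAdministrator

# Minimums from the table above, keyed by full channel name.
$MinimumSizes = @{
    'Security'                                 = 1GB
    'Microsoft-Windows-Sysmon/Operational'     = 512MB
    'Microsoft-Windows-PowerShell/Operational' = 256MB
    'System'                                   = 256MB
}

function Set-MinimumLogSize {
    # Raise a channel to at least $MinBytes and make sure it is enabled;
    # return the configuration read back from the system afterwards.
    param([Parameter(Mandatory)] [string] $LogName,
          [Parameter(Mandatory)] [long]   $MinBytes)
    $log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning "Log '$LogName' is not present (Sysmon not installed?)"
        return $null
    }
    $changed = $false
    if ($log.MaximumSizeInBytes -lt $MinBytes) {
        & wevtutil.exe sl $LogName /ms:$MinBytes
        if ($LASTEXITCODE -ne 0) { throw "wevtutil failed to resize '$LogName'" }
        $changed = $true
    }
    if (-not $log.IsEnabled) {
        & wevtutil.exe sl $LogName /e:true
        if ($LASTEXITCODE -ne 0) { throw "wevtutil failed to enable '$LogName'" }
        $changed = $true
    }
    # Re-read so the report reflects the live value, not the object fetched before the change.
    $log = Get-WinEvent -ListLog $LogName
    [pscustomobject]@{
        Log       = $LogName
        MaxMB     = [math]::Round($log.MaximumSizeInBytes / 1MB)
        Enabled   = $log.IsEnabled
        LogMode   = $log.LogMode      # Circular is expected when a collector ships events off-host
        Changed   = $changed
    }
}

$MinimumSizes.GetEnumerator() |
    ForEach-Object { Set-MinimumLogSize -LogName $_.Key -MinBytes $_.Value } |
    Format-Table -AutoSize
```

Sizes set locally with `wevtutil` are overridden at the next refresh on hosts where a GPO sets "Specify the maximum log file size (KB)" for the channel, so put the same values in policy for domain-joined machines; a `LogMode` of `AutoBackup` or `Retain` on a busy channel is worth flagging, since those modes stop logging or fill the disk instead of wrapping.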
## External References
- [Microsoft Audit Policy](https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-auditing)
- [Sysmon Configuration](https://github.com/SwiftOnSecurity/sysmon-config)
- [MITRE ATT&CK Data Sources](https://attack.mitre.org/datasources/)