This blog is dedicated to those folks who've Googled for Windows security event information and found newsgroup posts that I've made in the past. I feel your pain.
"Windows Auditing" is what we call the security logging feature of the Windows OS. In information security jargon, "audit" is an overloaded term. It is most commonly used these days to refer to the process of evaluating the security posture of information systems, but it is also commonly used, as in the Rainbow Series of books, to refer to the establishment of a record ("audit trail") for auditors to use in investigations. I will only be using it here in the latter sense.
When I first joined my team I suggested dropping the term "audit" in favor of "security logging", but was met first with blank stares and then with dismissal. Oh well. Since I lost that battle, when I use the word "audit", you can substitute "security event".
Anyway, I'm going to start off with a couple of common customer complaints and comments about Windows auditing.
Common Complaints & Comments:
I wish I could tell you all the cool things we're working on, but suffice it to say, we're aware of the problems around the security log and are working to address them. I'm always glad to receive email, however, if you have a suggestion.