Merge pull request #50 from Azure/docs-la-data-sources-events

Minor documentation changes around event collection
This commit is contained in:
Nick Price 2022-02-16 17:11:52 +11:00 коммит произвёл GitHub
Родитель b214641cc7 89603c11ea
Коммит 5648d6acbd
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 9 добавлений и 7 удалений

Просмотреть файл

@ -38,6 +38,7 @@ The current prototype version of the CloudSOE implements the following features:
- Disk encryption should be applied on virtual machines - Disk encryption should be applied on virtual machines
- Deploy vulnerability assessment solution on virtual machines - Deploy vulnerability assessment solution on virtual machines
- Azure Security Benchmark - Azure Security Benchmark
- Configure Windows machines to be associated with a Data Collection Rule
## Guest Configuration policy ## Guest Configuration policy
@ -137,15 +138,16 @@ The current prototype version of the CloudSOE implements the following features:
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- Event - Event
- Microsoft-Windows-NTLM/Operational - Microsoft-Windows-NTLM/Operational Event IDs: 8001, 8004
- Microsoft-Windows-CodeIntegrity/Operational - Microsoft-Windows-CodeIntegrity/Operational
- Microsoft-Windows-AppLocker/MSI and Script - Microsoft-Windows-AppLocker/MSI and Script
- Microsoft-Windows-Security-Mitigations/KernelMode - Microsoft-Windows-Security-Mitigations/KernelMode Event IDs: 1, 24
- Microsoft-Windows-Windows Defender/Operational - Microsoft-Windows-Windows Defender/Operational Event IDs: 1121, 1122
- Microsoft-Windows-Security-Mitigations/UserMode - Microsoft-Windows-Security-Mitigations/UserMode Event IDs: 1, 24
- Microsoft-Windows-Win32k/Operational - Microsoft-Windows-Win32k/Operational Event ID 260
- Microsoft-Windows-Windows Defender/WHC - Microsoft-Windows-Windows Defender/WHC Event IDs: 1121, 1122
- Security: All - System Event ID 5 (Microsoft-Windows-WER-Diag)
- Security: Azure Defender Commmon events & Event IDs: 4625, 4750
# Getting started # Getting started