Ok so i’ve been showing how alot of things do NOT get audited in Windows out of the box (on Twitter obviously) so I thought I’d export the CSV which you can import to enable some of the advanced logging features into a GPO without so many clicks (RSA sucks!)
So here is a CSV file that you can use to import! this isn’t everything you need to do, but it’s a start!
We’ll update more but go check out the Micosoft Security Baselines and CIS baselines for more details!
Also check out the NCSC guidance on logging:
and the LME (Logging made ez)
There’s so many resources there’s no excuse to not be logging!