The Security Monitoring and Attack Detection Planning Guide

This guide is designed to help organizations plan a security monitoring and attack detection system based on Windows Security Event logs. It highlights how to interpret the events and which events indicate the possibility that an attack is in progress.
  • File Size: 337 KB

      The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:
      • Introduce the concepts of security monitoring and attack detection.
      • List applications that can provide event log correlation.
      • Describe best practice activities and processes for developing a security monitoring and attack detection system.
      • Identify business, technical, and security issues for:
        • Detecting policy violations
        • Detecting external attacks
        • Implementing forensic analysis
      • Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
      • Provide the ability to implement data retention for forensic analysis.
  • Supported Operating System

    Windows 2000, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows 95, Windows 98, Windows 98 Second Edition, Windows ME, Windows NT, Windows Server 2003, Windows XP

      • Adobe Acrobat Reader is required to view the documentation.

      1. Click the Download button on this page.

      2. Do one of the following:

        • To start the installation immediately, click Open or Run this program from its current location.

        • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
    • Solution Accelerators are free, scenario-based guides and automations designed to help IT Professionals who are proactively planning, deploying, and operating IT systems using Microsoft products and technologies. Solution Accelerator scenarios focus on security and compliance, management and infrastructure, and communication and collaboration.
