David Caddick
Apr 17, 2020 Iron Contributor
MDATP - how to? is it possible to:
Hi All,
Asking some potentially dumb questions & looking for guidance if these actions are possible:
- Monitor for any changes in the Event Log settings - i.e. change of size, retention, file, etc. for System/Security/Application/PowerShell Event Logs
- Monitor for any changes to the HOST/HOSTS file - could just use Folder Protection/Controlled Folder access?
I'm particularly interested if there is any way of monitoring for any changes to the Event Logs.
Regards,
Socially distancing Dave