
David Caddick
Apr 17, 2020

MDATP - how to? is it possible to:

Hi All,

Asking some potentially dumb questions & looking for guidance if these actions are possible:

  • Monitor for any changes in the Event Log settings - i.e. change of size, retention, file, etc. for System/Security/Application/PowerShell Event Logs
  • Monitor for any changes to the HOST/HOSTS file - could just use Folder Protection/Controlled Folder access?

I'm particularly interested if there is any way of monitoring for any changes to the Event Logs.

Regards,

Socially distancing Dave
