This page lists publications on performing effective system monitoring.
Windows Event Logging and Forwarding
A common theme identified by the Australian Signals Directorate (ASD) while performing investigations is that organisations have insufficient visibility of activity occurring on their workstations and servers. Good visibility of what is happening in an organisation’s environment is essential for conducting an effective investigation. It also aids cyber security incident response activities by providing critical insights into the cyber security events relating to a cyber security incident and reduces the overall cost of responding to them.