POPPSALAD Flashcards
Security Audit categories
(1) P
Policy Changes
changes to user rights, Windows Firewall, GPO’s, audit, or trust policies
(2) O
Object Access
When an object (i.e. file,folder,etc) is accessed that has a SACL.
(3) P
Privilege Use
When a user exercises a user right or privilege
(4) P
Process Tracking
Process Activation, process exit, and indirect object access.
(5) S
System
Computer security events such as restart, shutdown, or clearing the event log.
(6) A
Account Management
Creation, deletion, or change of user account, group, or any password change.
(7) L
Logon
Logon attempts
(these are logon attempts not authentication events)
(8) A
Account logon
Network based access to a computer and attempts to connect to shares; also known as authentication events
(9) D
Directory Services Management
When a user accesses a directory service object with a SACL