When investigating compromised systems, incident responders and investigators often find that the logging they need was never enabled or configured. To help get system logging properly enabled and configured, below are some cheat sheets to help you do logging well, so that the data we all need is there when we look.

Cheat Sheets to help you in configuring your systems:

MITRE ATT&CK Cheat Sheets

The MITRE ATT&CK Logging Cheat Sheets are available as Excel spreadsheets in the following GitHub repository:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update Log:

SysmonLCS: Jan 2020 ver 1.1
  - Fixed GB to Kb on log size

WSplunkLCS: Sept 2019 ver 2.22
  - Minor code tweaks, conversion

WSysmonLCS: Aug 2019 ver 1.0
  - Initial release

WRACS: Aug 2019 ver 2.5
  - Added a few more items

WSLCS: Feb 2019 ver 2.21
  - Fixed shifted box, cleanup only

WLCS: Feb 2018 ver 2.3
  - Added a couple of items from Advanced
  - Adjusted a couple of settings
  - General cleanup
  - Referenced the Windows Advanced Logging Cheat Sheet

WALCS: Feb 2019 ver 1.2
  - Updated and added several items

WHLCS: June 2018 ver 1.0
  - Initial release

WFACS: Oct 2016 ver 1.2
  - Added a few new locations

WRACS: Oct 2016 ver 1.2
  - Added many autorun keys
  - Sorted the keys better

WSLCS: Mar 2018 ver 2.1.1
  - Fixed shifted box, cleanup only

WLCS: Jan 2016 ver 2.0
  - Added Event code 4720 - New user account created
  - Changed references to File and Registry auditing to point to the new File and Registry auditing Cheat Sheets
  - Expanded info on Command Line Logging

WRACS: Jan 2016 ver 1.1