The Windows Auditing Mindmap gives defenders a simplified perspective of Windows Event logs and auditing capabilities, allowing them to improve visibility for a variety of purposes:
- Forensic / DFIR
- Log collection (e.g., into a SIEM)
- Threat hunting
- Troubleshooting
The following mindmaps are currently provided:
- Active Directory auditing (ADDS)
- Azure (planned)
- Exchange Server auditing (planned)
- Windows OS auditing baseline
- Windows Server roles auditing (covers Advanced Threat Analytics and SQL Server)
The tool is intended strictly for educational use and should not be used for any other purpose.
Download Link: https://github.com/mdecrevoisier/Windows-auditing-mindmap