Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Host intrusion monitoring

Created: 18 Sep 2012 | 3 comments

I am fine tuning a Tripwire installation and want to see if anyone out there has any recommendations on what files, logs, etc, you might monitor for tampering?  At present I have a combination of files, logs, etc, that are monitored, however, I'd like to know if anyone has other recommendations

Comments 3 CommentsJump to latest comment

bestwrangler's picture

I had read this once before, what about Windows side?

.Brian's picture

SAM and HOSTS file.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.