Logging a specific event ID - skeleton key malware

Logging a specific event ID - skeleton key malware

I would like to log event IDs 7045 and 7036 for the psexecsvc service as detailed here  http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/ 


Can ADAP do this without auditing processes - which causes a large amount of data on the domain controllers? i.e. just look for an event Id and check for the process start?

Or do I need some other software to do this?


Thanks


Ian


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
              See all integrations
              New to ADManager Plus?
              See all integrations
              New to ADManager Plus?

                New to ADSelfService Plus?

                Start your free trial
                Start your free trial



                          Related Products