Microsoft Windows provides the SNMP Event Translator facility, which converts events in the Windows event log into SNMP traps so that they can be raised as real-time alerts. Use evntwin.exe or evntcmd.exe to configure SNMP traps.
C2 security is a government rating for security in which the system has been certified for discretionary resource protection and auditing capability.
Cisco does not support C2 auditing for SQL Server in the Unified ICM/Unified CCE environment. Cisco cannot guarantee that enabling C2 auditing on SQL Server will not have significant negative impact on the system. For more information on C2 Auditing, see C2 Audit Mode Option.
Active Directory auditing policies
It is recommended that you audit Active Directory account management and logins, and monitor audit logs for unusual activity.
The following table contains the recommended and default DC Audit policies.
Table 1. Active Directory Audit Policy Recommendations
Audit account logon events: Success and Failure. Account logon events are generated when a domain user account is authenticated on a Domain Controller.
Audit account management: Account management events are generated when security principal accounts are created, modified, or deleted.
Audit directory service access: Directory services access events are generated when an Active Directory object with a System Access Control List (SACL) is accessed.
Audit logon events: Success and Failure. Logon events are generated when a domain user interactively logs onto a Domain Controller or when a network logon to a Domain Controller is performed to retrieve logon scripts and policies.
Audit object access
Audit policy change: Policy change events are generated for changes to user rights assignment policies, audit policies, or trust policies.
Audit privilege use
Audit process tracking
Audit system events: System events are generated when a user restarts or shuts down the Domain Controller or when an event occurs that affects either the system security or the security log.
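The following check is an added example, not part of the original guide or of any Cisco or Microsoft tool: it reads the [Event Audit] section of a security policy export and compares it with the settings that appear in Table 1. It assumes the input is the text of a file produced by `secedit /export /cfg <file> /areas SECURITYPOLICY`; the function names and the sample export are constructed for this example, and only the two policies whose setting appears in the table are enforced.

```python
KEYS = {  # secedit [Event Audit] key -> policy name used in Table 1
    "AuditAccountLogon": "Audit account logon events",
    "AuditAccountManage": "Audit account management",
    "AuditDSAccess": "Audit directory service access",
    "AuditLogonEvents": "Audit logon events",
    "AuditObjectAccess": "Audit object access",
    "AuditPolicyChange": "Audit policy change",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditProcessTracking": "Audit process tracking",
    "AuditSystemEvents": "Audit system events",
}
SETTING = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success and Failure"}
# Only the two rows whose setting appears in Table 1 are enforced.
EXPECTED = {"AuditAccountLogon": 3, "AuditLogonEvents": 3}

def parse_event_audit(inf_text):
    values, section = {}, None
    for raw in inf_text.lstrip("\ufeff").splitlines():  # drop a leading BOM
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Event Audit" and "=" in line:
            key, _, val = (p.strip() for p in line.partition("="))
            if key in KEYS and val.isdigit():
                values[key] = int(val)
    return values

def check(inf_text):
    current, findings = parse_event_audit(inf_text), []
    for key, name in KEYS.items():
        have, want = current.get(key), EXPECTED.get(key)  # None: not defined
        if want is None:
            status = "INFO"  # no setting on the page to compare against
        else:
            status = "OK" if have is not None and have & want == want else "FAIL"
        findings.append((status, name, SETTING.get(have, "Not defined")))
    return findings

# Constructed sample export (not taken from a real Domain Controller).
SAMPLE_INF = """[Event Audit]
AuditLogonEvents = 1
AuditAccountManage = 1
AuditAccountLogon = 3
[Version]
Revision=1
"""
if __name__ == "__main__":
    for status, name, setting in check(SAMPLE_INF):
        print(f"{status:4}  {name}: {setting}")
```

secedit normally writes the export as UTF-16, so open the file with encoding="utf-16" before passing its text to check().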