Logging a specific event ID - skeleton key malware

I would like to log event IDs 7045 and 7036 for the psexecsvc service as detailed here: http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/


Can ADAP do this without auditing processes - which causes a large amount of data on the domain controllers? I.e. just look for an event ID and check for the process start?

Or do I need some other software to do this?


Thanks


Ian
