17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success' (Automated)

System_AuditSecuritySystemExtension

This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It's used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account.

Audit Policy CSPMicrosoftLearn

Previous17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success' (Automated)Next17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure' (Automated)

Last updated 2 years ago