The premise of this project is to first harden a Windows-based OS (Windows 10), documented through screenshots and written instructions. The second part is to enable auditing and interact with a small number of files to generate audit events. The final report will be linked in the References section.
The tools used here are the following:
- Oracle VM VirtualBox
- Windows 10 ISO
- Windows Defender Firewall
- Local Group Policy Editor
- Local Computer Policy
- Windows Defender Credential Guard
- BitLocker
- auditpol
- PowerShell
- Splunk
The steps taken were the following:
- Used multiple tools as listed above to harden the Windows system (refer to the written report for full details).
- Enabled auditing for Windows 10 via the command line tool auditpol or the Local Group Policy Editor (gpedit.msc) to edit audit policies.
- Forwarded the audit events to Splunk using the Splunk Universal Forwarder.
- Ran a search in Splunk to show data was successfully forwarded (see references for output).
The lessons learned were the following:
- Learned how to use the tools listed in the Tools Used section to harden Windows OS.
- Learned how to enable auditing for Windows OS through command line or Local Group Policy Editor.
- Learned how to generate a report through Splunk after the data has been aggregated.
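As an added example (not the project's own script), the auditing steps above carried out in an elevated PowerShell session: enable the File System audit subcategory with auditpol, place a SACL on a test folder, touch a few files, and read back the resulting Security events before checking them in Splunk. The folder `C:\AuditTest`, the file names, and the SACL on `Everyone` are assumptions chosen for the demo.

```powershell
# Added example, not from the project's report. Run as Administrator on Windows 10.
# Assumed values: the test folder path and the sample file names below.
$auditDir = 'C:\AuditTest'

# 1. Enable the Object Access > File System subcategory. This is the same setting
#    gpedit.msc exposes under Advanced Audit Policy Configuration.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
auditpol /get /subcategory:"File System"

# 2. The policy alone is not enough: an object needs a SACL or no 4663 events are
#    written for it. Audit Everyone's read, write and delete on the folder and
#    everything created inside it (ContainerInherit, ObjectInherit).
New-Item -ItemType Directory -Path $auditDir -Force | Out-Null
$acl  = Get-Acl -Path $auditDir -Audit
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', 'ReadData,WriteData,Delete', 'ContainerInherit,ObjectInherit', 'None', 'Success,Failure'
$acl.AddAuditRule($rule)
Set-Acl -Path $auditDir -AclObject $acl

# 3. Interact with a small number of files to generate audit events.
$start = Get-Date
1..3 | ForEach-Object {
    $f = Join-Path $auditDir "sample$_.txt"
    Set-Content -Path $f -Value "constructed test content $_"   # WriteData
    Get-Content -Path $f | Out-Null                             # ReadData
    Remove-Item -Path $f                                        # Delete
}

# 4. Confirm locally before trusting the forwarded view. Event ID 4663 is
#    "An attempt was made to access an object"; filter to this run and folder.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $start } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$auditDir*" } |
    Select-Object TimeCreated, Id,
        @{ n = 'Object';  e = { if ($_.Message -match 'Object Name:\s+(.+)') { $Matches[1].Trim() } } },
        @{ n = 'Accesses'; e = { if ($_.Message -match 'Accesses:\s+(.+)') { $Matches[1].Trim() } } } |
    Format-Table -AutoSize
```

Once the Universal Forwarder is collecting the Security log, the same events can be checked in Splunk with a search such as `sourcetype="WinEventLog:Security" EventCode=4663` (the sourcetype name is an assumption; it depends on how the forwarder's Windows event log input was configured).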