While I was writing the previous blog post on that subject, I remembered that I had forgotten to write about another tip for Windows Firewall auditing. This tip is a small one. You can easily gather log data about Windows Firewall port changes by adding the following log:
- Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
That way, when someone adds, removes or modifies Windows Firewall rules, you will see the changes in OMS and can audit them.
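Added example (not from the original post): a local PowerShell check that the channel is enabled and is recording rule changes on a host before you rely on it in OMS. Event IDs 2004, 2005 and 2006 are the rule added, modified and deleted events of this channel; the `Data` field names and the 7-day window are assumptions, and a field that is absent from an event simply comes back empty.

```powershell
# Channel name as given in the post.
$channel = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# Rule-change events in this channel: 2004 = added, 2005 = modified, 2006 = deleted.
$ruleChange = @{ 2004 = 'Added'; 2005 = 'Modified'; 2006 = 'Deleted' }

# A disabled channel records nothing, so there would be nothing to collect.
$log = Get-WinEvent -ListLog $channel -ErrorAction Stop
if (-not $log.IsEnabled) {
    Write-Warning "Channel '$channel' is disabled on this host."
    return
}

$filter = @{
    LogName   = $channel
    Id        = 2004, 2005, 2006
    StartTime = (Get-Date).AddDays(-7)   # assumed look-back window
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten the event's named <Data> elements into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # Field names below are assumed from the event schema; missing ones stay empty.
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Change      = $ruleChange[[int]$_.Id]
        RuleName    = $data['RuleName']
        LocalPorts  = $data['LocalPorts']
        User        = $data['ModifyingUser']          # usually recorded as a SID
        Application = $data['ModifyingApplication']   # process that made the change
    }
} | Sort-Object TimeCreated | Format-Table -AutoSize
```

If the table is empty, add or change a test rule and run it again; the same events are what will arrive in OMS once the log is added.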
Have fun analyzing logs.