Hello, I am wanting to use OSSEC policy monitoring for auditing Windows 2003/2008 servers that should be baselined to CIS. Initially, I am trying to verify and monitor Windows Audit policies, specifically *Audit Logon Events*. I have been trying to locate a registry key, or something that would allow me to accomplish this. Would anyone be able to help me with how I might be able to accomplish this? Thank you!
Tyler Ross
