Hi,

Recently we have implemented Mcafee Enterprise security Manager SIEM

To collect all events and logs from all network, servers, event viewer and other logs.

I'm looking for what exact configurations should be made on Microsoft servers to enable audit, loggings to be collected by SIEM.

Shall Microsoft has standard on that or recommendation for each application if I monitor this application and need to get the maximum logs what configurations should be made in this app. To get that

I did some research but I didn't get clear or complete answer for that

Servers list I've:

Exchange 2010 highly available

Active directory 2008 / 2012

SQL server 2008 / 2012

Hyper-V Servers 2010 / 2012

SharePoint Server 2010

DNS servers 2008

DHCP servers 2008

Appreciate support.

Hi,

For your convenience, you can contact McAfee customer service via:

http://service.mcafee.com/default.aspx?lc=1033

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

Thanks for updating, 

MacAfee provided how to configure and how to integrate 

but we still need baseline which setting should be enabled and what shouldn't for example AD audit setting on GPO 

(based on Microsoft recommendation) this recommendation

MacAfee said whatever audit setting and logs i i will collect