Common Indicators of Security Incidents
Several types of events are common indicators of security incidents, and you should pay particular attention to them. Although most of these events will prove harmless after investigation, some will warrant closer investigation and possibly trigger your organization's incident response plan. Common indicators of security incidents include the following:
Unusual Transmission Control Protocol/Internet Protocol (TCP/IP) or User Datagram Protocol (UDP) traffic
Presence of certain events in the System log file
Inability to access network resources
Excessive CPU utilization
Irregular service operations
Irregular file system activity
Permissions changes
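Several of the indicators above (unusual traffic, excessive CPU utilization) hinge on the word "unusual": an event is only an indicator relative to what the system normally does. The following is an added example, not code from the Resource Kit, that shows one way to make that judgement concrete: it keeps a short per-metric baseline (hourly byte counts per protocol and port, hourly CPU utilization per host), scores each new observation by how many standard deviations it sits from that baseline, and flags both large deviations and metrics that have no baseline at all (for example a protocol/port pair never seen before). All hostnames, port numbers and volumes are constructed sample data.

```python
"""Baseline-deviation check for incident indicators (added example, constructed data)."""
from statistics import mean, pstdev

# Constructed baseline: outbound bytes per hour for each (protocol, port), one value per
# day over the past week. Real deployments would derive this from flow or firewall logs.
TRAFFIC_BASELINE = {
    ("tcp", 443): [5_100_000, 4_800_000, 5_300_000, 4_950_000, 5_200_000, 5_050_000, 4_900_000],
    ("udp", 53):  [120_000, 118_000, 125_000, 122_000, 119_000, 121_000, 123_000],
    ("tcp", 445): [800_000, 780_000, 820_000, 790_000, 810_000, 805_000, 795_000],
}

# Constructed observation for the current hour: normal HTTPS and DNS, a large SMB spike,
# and traffic on a UDP port that has never appeared in the baseline.
OBSERVED_TRAFFIC = {
    ("tcp", 443): 5_000_000,
    ("udp", 53): 120_500,
    ("tcp", 445): 9_500_000,
    ("udp", 4444): 2_000_000,
}

# Constructed CPU baseline: average hourly utilization (percent) per host over a week,
# and the current hour's reading. Host names are placeholders.
CPU_BASELINE = {
    "FS01":  [22, 25, 20, 24, 23, 21, 26],
    "WEB01": [55, 60, 58, 52, 57, 61, 56],
}
OBSERVED_CPU = {"FS01": 91, "WEB01": 59}


def zscore(value, history):
    """Standard deviations between value and the mean of history.

    A flat history (zero spread) makes any change infinitely surprising, so
    return inf for a different value and 0.0 for an identical one.
    """
    mu = mean(history)
    sd = pstdev(history)
    if sd == 0:
        return float("inf") if value != mu else 0.0
    return (value - mu) / sd


def find_baseline_deviations(observed, baseline, threshold=3.0):
    """Return (key, reason, z) for every observation that warrants a closer look.

    Two things are flagged: a key with no baseline at all (never seen before),
    and a key whose value sits at least `threshold` standard deviations from its
    history. Everything else is treated as normal background activity.
    """
    findings = []
    for key, value in sorted(observed.items()):
        history = baseline.get(key)
        if history is None:
            findings.append((key, "no baseline: first time this metric was seen", None))
            continue
        z = zscore(value, history)
        if abs(z) >= threshold:
            findings.append((key, "deviates from baseline", round(z, 1)))
    return findings


if __name__ == "__main__":
    for label, obs, base in (("traffic", OBSERVED_TRAFFIC, TRAFFIC_BASELINE),
                             ("cpu", OBSERVED_CPU, CPU_BASELINE)):
        for key, reason, z in find_baseline_deviations(obs, base):
            print(f"[{label}] {key}: {reason}" + (f" (z={z})" if z is not None else ""))
```

The threshold of three standard deviations is a starting point, not a rule; the text's own caveat that most flagged events prove harmless applies here too, so the findings are a triage queue for an analyst rather than an alarm. The same function handles any per-key metric, which is why one block serves both the traffic and CPU indicators.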
Unusual TCP/IP or UDP Traffic
One of the earliest ...