Common Indicators of Security Incidents

Several types of events are common indicators of security incidents, and you should pay particular attention to them. Although most of these events will prove harmless after investigation, some will warrant closer investigation and possibly trigger your organization’s incident response plan. Common indicators of security incidents include the following:

  • Unusual Transmission Control Protocol/Internet Protocol (TCP/IP) or User Datagram Protocol (UDP) traffic

  • Presence of certain events in the System log file

  • Inability to access network resources

  • Excessive CPU utilization

  • Irregular service operations

  • Irregular file system activity

  • Permissions changes

Unusual TCP/IP or UDP Traffic

One of the earliest ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
