Introduction: (Problem description)
There are a large number of reasons why it’s a good idea to keep apprised of when, where, why, and how a computer is used on a frequent basis. There could be critical indicators of compromise “IOCs” and/or indicators of attacks “IOAs” that could possibly help network defenders protect against such activities or perform remediation them after the fact. The proper logging of all user and computer activities is crucial to any network defense program and should be carefully implemented in addition to password policy enforcement.
All scripts in this post can be found at: