Enable security log events
Before you can use Sigma rules related to security log events, you will need to enable them.
- Open the Windows Start menu and search for the Local Security Policy application. Launch the application.
- Select .
- Select .
- In the Policy tab, select these checkboxes:
  - Configure the following audit events
  - Success
  - Failure