Before you start detailed planning, study the applicable compliance and regulatory documents (internal and external) to determine exactly what information you need to log and audit.
In the recipes of this chapter, we will focus on the following two different scenarios:
Monitoring Active Directory for failed logons caused by a brute-force attack
You can find more details on brute-force attacks at http://en.wikipedia.org/wiki/Brute-force_attack.
Monitoring and logging any access to files in a shared folder on a server