Trying to make something very cool for security.
Looking for a report which shows any admin group account logins over the last 30 days and any failed login attempts.
Next, I would like a list of any items listed in the following:
• HKLM\Software\Microsoft\Windows\CurrentVersion\Run
• HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce
• HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run
• HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce
• HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx
Lastly, I would also like for this to report on the critical signs of attempted takeover via security events in the system event logs.
Windows 7 regular expressions                                SOURCE       EventID Number
".*APPCRASH.*"                                               Application  1001
".*he protected system file.*"                               Application  64004
".*EMET_DLL Module logged the following event:.*"            Application  2
.*your virus/spyware.*                                       Application
".*A new process has been created\..*"                       Security     4688
".*A service was installed in the system\..*"                Security     4697
".*A scheduled task was created\..*"                         Security     4698
".*Logon Type:[\W]*(3|10).*"                                 Security     4624, 4625
".*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.*"    Security     4657
".*service terminated unexpectedly\..*"                      System       7034
".*service was successfully sent a.*"                        System       7035
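
The event-log and registry parts of the report requested above, as an added example that is not part of the original post: it applies the table's regexes to the listed logs and event IDs over the last 30 days and lists the values under the six Run keys. Variable names are chosen here for illustration, and it assumes an elevated PowerShell session on the machine being checked.

```powershell
# Added example (not from the original post). Run elevated so the Security log is readable.
$since = (Get-Date).AddDays(-30)   # 30-day window from the post

# Rules copied from the table above; Id is $null for the row that lists no event ID.
$rules = @(
    @{ Pattern = '.*APPCRASH.*';                                    Log = 'Application'; Id = 1001 }
    @{ Pattern = '.*he protected system file.*';                    Log = 'Application'; Id = 64004 }
    @{ Pattern = '.*EMET_DLL Module logged the following event:.*'; Log = 'Application'; Id = 2 }
    @{ Pattern = '.*your virus/spyware.*';                          Log = 'Application'; Id = $null }
    @{ Pattern = '.*A new process has been created\..*';            Log = 'Security';    Id = 4688 }
    @{ Pattern = '.*A service was installed in the system\..*';     Log = 'Security';    Id = 4697 }
    @{ Pattern = '.*A scheduled task was created\..*';              Log = 'Security';    Id = 4698 }
    @{ Pattern = '.*Logon Type:[\W]*(3|10).*';                      Log = 'Security';    Id = 4624, 4625 }
    @{ Pattern = '.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.*'; Log = 'Security'; Id = 4657 }
    @{ Pattern = '.*service terminated unexpectedly\..*';           Log = 'System';      Id = 7034 }
    @{ Pattern = '.*service was successfully sent a.*';             Log = 'System';      Id = 7035 }
)

$eventHits = foreach ($rule in $rules) {
    $filter = @{ LogName = $rule.Log; StartTime = $since }
    if ($rule.Id) { $filter.Id = $rule.Id }      # leave Id out when the table gives none
    $pattern = $rule.Pattern
    # Get-WinEvent reports an error when nothing matches the filter, so silence it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, LogName, Id,
            @{ Name = 'Rule';    Expression = { $pattern } },
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# The six autorun keys from the post (HKCU is the hive of the user running the script).
$runKeys = 'Run', 'RunOnce', 'RunOnceEx' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}
$autoruns = foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }     # RunOnceEx is often absent
    $key = Get-Item $path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Key = $path; Name = $name; Command = $key.GetValue($name) }
    }
}

$eventHits | Sort-Object TimeCreated | Format-Table -AutoSize
$autoruns  | Format-Table Key, Name, Command -AutoSize
```

Events 4688 and 4657 are only written when process-creation and registry auditing are enabled (4657 also needs an audit entry on the key itself), so an empty result for those rows can mean auditing is off rather than that nothing happened.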