Is there a resource for looking up the description and/or usage of W2K8 R2 registry keys? I need to understand integrity checksum change messages appearing in OSSEC logs on Amazon EC2 instances.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Epoch
Firewall related?

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
What could be changing interface settings? Does it get updated every reboot? During use?

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASP.NET_2.0.50727\Names
PIDs of worker processes. Seems legit.

The list goes on - I'd like to be able to look up and find out about any registry entry that changes. The alerts are useless if I can't understand them.
0 Answers