Installed a new DC yesterday. Today I thought I would quickly audit the event logs, just to make sure things were going well before I moved to the next task.
Keep in mind that this figure (as shown below) is for less than 24 hours of no activity - there has been NO activity on this server other than a few logins that may have been handled. No files, no one else logging in, nuttin’!
12,970 security events in less than 24 hours? Really? I am as security-conscious as the next average Joe, but at some point the real problems become obscured by the chaff.