In most cases it is unnecessary or impractical to collect and store all security events. While the Audit Collection Service (ACS) natively collects all security events from a target system, it includes a filtering mechanism that can be used to manage event insertion and storage in the SQL database. Filters can be implemented based on event ID or on the contents of the events themselves.
The Secure Vantage ACS Noise Filters Guide provides sample filter sets and guidance to optimize data collection, which improves both online and offline storage capabilities as well as reporting performance. ACS Noise Filters are based on Microsoft-recommended event filters defined in the Security Attack and Detection Planning Guide and on best practices from Microsoft Security MVP Randy Franklin Smith.