YoVDO

What the Log - So Many Events, So Little Time

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Incident Response Courses Threat Detection Courses Windows Event Logs Courses

Course Description

Overview

Explore Windows Event Log investigation techniques for detecting adversaries in this 41-minute Black Hat conference talk by Miriam Wiesner. Learn about the Microsoft Security Compliance Toolkit, audit policies, and customer requests. Discover how to automate event lists, leverage the MITRE ATT&CK framework, and generate hunting queries. Gain insights into configuring event lists, generating queries, and exploring additional options to enhance your organization's threat detection capabilities and reduce the time needed to identify potential security breaches.

Syllabus

Introduction
Microsoft Security Compliance Toolkit
Audit Policies
Customer Request
Automate Event List
Mitre Attack
Mitre Sources
Three Questions
GUI
Power Event List
Generate Event List
Generate Hunting Queries
Generate Event List Queries
Configure Event List
Generate Queries
Other Options


Taught by

Black Hat

Related Courses

OS Analysis with HELK
Pluralsight Building PowerShell Security Tools in a Windows Environment
Pluralsight Threat Hunting with Windows Event Forwarding
Cybrary Windows Event Logs - Zero to Hero
YouTube Windows Event Logs - Zero to Hero
YouTube