Windows Event Logs - Zero to Hero

Explore Windows Event Logs in-depth through this comprehensive conference talk from Bloomcon 2017. Delve into topics such as Windows Event Forwarding, log volume management, and the implementation of a Cuckoo Malware Lab. Learn about the differences between alerting and exploring logs, analyze real-world examples like the Deep Panda sample, and understand the importance of monitoring local admin additions. Discover Event Tracing for Windows, PowerShell logging, and Active Directory monitoring techniques. Gain insights into monitoring your monitoring systems, and receive valuable one-offs, gotchas, and recommendations from experts Nate Guagenti and Adam Swan. Enhance your cybersecurity skills and learn how to leverage Windows Event Logs effectively in this informative 56-minute presentation.

Intro
Windows Event Logs? Really?
Windows Event Forwarding
How many logs (EPS) are we talking about?
Description of our Cuckoo Malware Lab
Alerting vs. Exploring
Continued... (Deep Panda Sample)
Adding Local Admin
Event Tracing for Windows
PowerShell
AD: Right to Control All Users
Monitoring Your Monitoring
One-offs, Gotchas, and Recommendations
Questions?