In the final blog of this series, we’ll look at ways to integrate Windows event logs with other telemetry sources to provide a complete picture of a network environment. The…
Windows Workstation Logs – Integration
Microsoft Workstation Logs – Configuration
Over the last three posts, we’ve looked at Microsoft event logging use cases and identified a set of must-have event IDs. Now we’re ready to put our security policy in…
Windows Workstation Logs – Increasing Visibility
Anyone who has looked at the number of event IDs assigned to Windows events has probably felt overwhelmed. In the last blog, we looked at some best practices events that…
Microsoft Workstation Logs – Focus on What’s Important
Can you have too much of a good thing? Maybe not, but you can certainly have too much of the wrong thing. In my first blog, I introduced the idea…
Microsoft Workstation Logs – An Introduction
We’ve all heard the saying, “What you see is what you get.” Life isn’t quite so simple for those focused on security, as what you don’t see is more likely…