Training
Threat Detection with Windows Event Logs
Training Overview
The "Threat Detection with Windows Event Logs" training comprehensively teaches how to analyze event logs in Windows operating systems to detect threats. The training includes the use of Windows Event Viewer, the structure of event logs, and advanced logging techniques with Sysmon. Additionally, it covers threat detection from event logs using tools like evtxecmd, Timeline Explorer, and Get-WinEvent.
What You Will Learn
- How to navigate and filter logs using the Windows Event Viewer.
- How to enhance logging capabilities with Sysmon.
- How to use command-line tools like EvtxECmd and Get-WinEvent for analysis.
- How to build timelines of activity using Timeline Explorer.
Who is this for?
- Blue Team members and SOC Analysts.
- Incident Responders.
- Windows System Administrators.
Prerequisites
- A solid understanding of Windows Fundamentals.
- Familiarity with common Windows processes and activities.
Tools You Will Use
- Windows Event Viewer
- Sysmon
- EvtxECmd
- Timeline Explorer
- PowerShell
Training Sections
- Introduction
- Event Viewer
- Components of an Event Log Record
- Sysmon
- Analyzing Windows Event Logs with EvtxECmd
- Timeline Explorer Transfer
- Get-WinEvent
- Exam