Detecting Lateral Movement through Tracking Event Logs (Version 2) Logo

Detecting Lateral Movement through Tracking Event Logs (Version 2)

0
Free
Visit Website

This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. Updated Contents: This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. While the previous report mainly focused on investigation on event logs and registry entries, this updated report also covers other types of logs and files that are created during lateral movement. The report includes analysis results of various tools and commands that are likely used by attackers in lateral movement, and provides information on how to identify and analyze these tools and commands. The report is intended for incident responders, security analysts, and other professionals who are involved in incident response and incident investigation.

FEATURES

ALTERNATIVES

CrowdStrike Falcon Orchestrator is a Windows-based application for workflow automation and security response.

AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.

Receive important notifications and updates related to North American electric grid security.

A panic button app for triggering a ripple effect across apps responding to panic events

Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.

Modular SOAR implementation in Python for security orchestration, automation, and response.

A System for Abuse- and Incident Handling with log file analysis capabilities.

Anomali is an AI-Powered Security Operations Platform that delivers speed, scale, and performance at a reduced cost, combining ETL, SIEM, XDR, SOAR, and TIP to detect, investigate, respond, and remediate threats.