Event Forwarding Guidance
0
Free
This repository hosts content for aiding administrators in collecting security relevant Windows event logs using Windows Event Forwarding (WEF). This repository is a companion to Spotting the Adversary with Windows Event Log Monitoring paper. The list of events in this repository are more up to date than those in the paper. The repository contains: Recommended Windows events to collect. Regardless of using WEF or a third party SIEM, the list of recommended events should be useful as a starting point for what to collect. The list of events in this repository are more up to date than those in the paper. Scripts to create custom Event Log views and create WEF subscriptions. WEF subscriptions in XML format. Links Microsoft Windows Event Forwarding resources Use Windows Event Forwarding to help with intrusion detection Windows 10 and Windows Server 2016 security auditing and monitoring reference Microsoft's Threat Protection: Advanced security audit policy settings Microsoft's Threat Protection: Security auditing List of important events from Microsoft Microsoft SysInternals SysInternals Sysmon ACSC GitHub Windows Event Logging repository ACSC Windows Event Logging Technica
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Sophos Intercept X Endpoint is a comprehensive endpoint security solution that provides unparalleled protection against advanced attacks, ransomware, and data loss.
Commercial
A simple ransomware protection that intercepts and kills malicious processes attempting to delete shadow copies using vssadmin.exe.
A modern tool for Windows kernel exploration and observability with a focus on security.
Symantec Enterprise Cloud provides comprehensive cybersecurity for large enterprises, with a focus on data-centric hybrid security and innovation in threat and data protection.
Commercial
Advanced malware scanning and removal tool that detects and removes various types of malware and offers additional protection with HitmanPro.Alert.
Commercial
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security