Threat Hunting with Windows Event Forwarding

Course Content
In this course we will learn about Windows Event Forwarding. Not many people are aware of it and take advantage of this built-in native tool. Windows Event Forwarding (WEF) is a way you can get any or all event logs from Windows computers and collect them on one or more Windows Event Collector (WEC) servers.
We will provide a framework for detecting current Active Directory attack methods used by red teams for penetration testing including Lateral Movement and best practices from across the globe. The default configuration of windows does not track events required for investigation of incidents. In this course, we will provide configurations to allow you to setup verbose logging to detect suspicious events.