1.1 Introduction

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Sign up with

or

View all SSO options

Already have an account? Sign In »

Threat Hunting with Windows Event Forwarding

Course

Time

1 hour 21 minutes

Difficulty

Beginner

CEU/CPE

2

Up Next

1.2 Native Windows Event Forwarding

2.1 Group Policy for Event Collection

2.2 Microsoft System Monitor (SysMon)

2.3 Which Events to log for the Threat Hunt Part 1

2.4 Which Events to log for the Threat Hunt Part 2

Threat Hunting with Windows Event Forwarding

In this course we will learn about an approach to collect events from windows devices in both normal operations and when an intrusion is suspected. We will use Windows Event Forwarding (WEF) natively built into Windows for Incident detection while sharing our learnings and step-by- step instructions with WEF configuration and management workflows.

Instructed By

Gurvinder Singh

Gurvinder Singh

Information Security Manager at American Psychological Association

Similar Content

Identifying Intrusion and Mitigating Attacks with RHEL Server

Identifying Intrusion and Mitigating Attacks with RHEL Server

This last lab is similar to the Windows Incident Response lab, but different in that ...

Creating SIEM Reports with Splunk

Creating SIEM Reports with Splunk

Students will walk through the creation of SIEM reports using the SPLUNK tool.

Monitor and Resolve Security Issues using Security Center

Monitor and Resolve Security Issues using Security Center

This IT Pro Challenge virtual lab teaches you how to use Remote Desktop Protocol (RDP) ...

Learn On Demand