Security Log Quick Reference Chart
Become a security log guru!
Take Randy's Security Log Secrets On Demand Interactive course now!
I also have plenty of free training sessions on Windows security, including:
- Auditing Program Execution with the Security Log
- Advanced Security Log Monitoring through Multi-Event Correlation
- Understanding Authentication Events in the Windows 2003 and 2008 Security Logs
- Top 12 Security Events To Monitor on Member Servers
- Auditing Unauthorized, Unrecognized Software
- Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly
- Anatomy of a Hack: Tracking an Intruder with Security Logs
- Monitoring Access Changes with the Windows 2008 and 2003 Security Logs
- Leveraging the XP and Vista Security Logs to Ensure Workstation Security and Compliance
- Top 9 Ways to Detect Insider Abuse with the Security Log
- Quantifying the Cost of Log Management: Making a Good Decision Security and Business-wise
- Using Windows Server 2008's New Log Management Features: Archival, Forwarding, Views and Triggers
- Top 5 Goals for Effectively Using Log Management
- Monitoring Active Directory for Security and Compliance: How Far Does the Native Audit Log Take You?
- Security Log Exposed: What is the Difference Between “Account Logon” and “Logon/Logoff” Events?
- Audit Collection Services: Ready for Prime Time?
- 11 Ways to Detect System Intrusions with the Security Log
- Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log
- Security Log Exposed: Auditing Changes, Deletions and Creations in Active Directory
- Configuring Windows Audit Policy to Minimize Noise: Provide Compliance, Support Forensics and Detect Intrusions
- Top 5 Daily Reports for Monitoring Windows Servers
- Taming SharePoint Audit Logs with LOGbinder SP and EventTracker
- Building a Security Dashboard for Your Senior Executives
- Auditing IIS with the Windows Security Log
- 5 Real World Ways to Use Anomaly Detection with Security Logs
- Managing Access Control in SharePoint 2010
- Implement Best Practice, Compliant Log Management and Monitoring with Your Existing Log Management/SEM Solution
- Monitoring Access to Confidential Information in SharePoint
- Understanding Logon Events in the Windows Security Log
- Top 10 VMWare Security Events You Should Be Monitoring
- Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
- Implementing Virtual Security Cameras to Protect Privileged Access and Enforce Accountability
- Auditing SharePoint Activity for Compliance and Security
- Understanding Exchange 2010 Audit Logging
- Linking Logon to Logoff and Everything in Between with the Windows Security Log
- My Rosetta Audit Logging Kits for ArcSight are Here
- File Access Auditing in Windows Server 2012
- Windows Server 2012 Auditing Deep Dive: Claims, Dynamic Access Control, Centralized Permissions
- Detecting Non-Owner Mailbox Access with Exchange Mailbox Auditing
- Top 6 Security Events to Monitor in SQL Server
- Tracking an End-User’s Activities through the Windows Security Log and Other Audit Logs
- Daily Security Log Check for the SMB IT Admin
- Analyzing Logon Failures in the Windows Security Log
- Top 10 Security Changes to Monitor in the Windows Security Log
- Application Security Intelligence: The Next Frontier in Security Analytics - Bridge the Gap between Applications and SIEM
- 5 Real World Scenarios for Correlating Host and Network Events to Catch Violations and Intrusions
- Detecting Information Grabs of Confidential Documents in SharePoint
- Exploring Win2008/2012’s Windows Event Collection Service
- Specific Security Monitoring Lessons Learned from: Target, Neiman Marcus, Sony and other breaches
- Catching Web Based Attacks with W3C Logs from IIS and Apache
- How to do Logon Session Auditing with the Windows Security Log
- Correlating Tactical Threat Data Feeds with Security Logs for More Intelligent Monitoring
- Spotting the Adversary with Windows Event Log Monitoring: An Analysis of NSA Guidance
- Not Monitoring SQL Server with Your SIEM is Close to Negligent: What are Your Options?
- Early Detection: Monitoring Mobile and Remote Workstations in Real-Time with the Windows Security Log
- How to Monitor Network Activity with the Windows Security & Firewall Logs to Detect Inbound and Outbound Attacks
- Setting up Internal Linux and Windows Honeypots to Catch Intruders
- Managing Mailbox Audit Policy in Exchange 2013
- Anatomy of a Data Breach: Tracing a Case of Unauthorized File Access with the Windows Security Log
- How to Use EmergingThreats.net and other Threat Intelligence Feeds with Your SIEM
- Rev Up Your SIEM with These Top 8 High Value Security Event Sources
- SharePoint Defense-In-Depth Monitoring: What to Watch at the App, DB and OS Level – and How?
- Protecting AD Domain Admins with Logon Restrictions and Windows Security Log
- Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
- Monitoring Security Logs from VMWare vCenter and ESXi
- Top 10 Indicators of Tampering with Privileged Accounts
- Using Splunk and LOGbinder to Monitor SQL Server, SharePoint and Exchange Audit Events
- Anatomy of a Hack Disrupted: How One SIEM’s Out-of-the-Box Rules Caught an Intrusion and Beyond
- Monitoring Privileged Access on SQL Server
- Detecting New Programs and Modifications to Executable Files with Windows File Access Auditing and File Integrity Monitoring
- What’s New in the Windows 10 Security Log
- Detect and monitor threats to your executive mailboxes with Exchange mailbox auditing
- PowerShell Audit Logging Deep Dive: Catch Intruders Living off the Land and Enforce Privileged User Accountability
- Who’s Attacking Your Database? Monitoring Authentication and Logon Failures in SQL Server
- 6 Steps to Determine if an Unknown Program is Safe or Malicious
- Auditing Permission Changes on Windows File Servers and NAS Filers
- Leveraging your SIEM to Catch and Respond to Ransomware Before It Spreads
- Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What They Mean
- Managing Large Windows Event Collection Implementations: Load Balancing Across Multiple Collectors
- How to Detect 2 Computers on Your Network Talking to Each Other for the First Time and Why It Matters
- Integrating Splunk with native Windows Event Collection (WEC) and Optional 2-Stage Noise Filtering
- Understanding Azure Log Integration (AzLog): Microsoft’s New Tool for Bringing Azure Visibility to Your SIEM
- QRadar WinCollect and Native Windows Event Collection: How to Do It Right, Filter the Noise and Simplify your Infrastructure
- XPath Deep Dive: Building Advanced Filters for Windows Event Collection
- Tracking Access, Sharing and Administration of Files in SharePoint Online and OneDrive for Business
- Monitoring Privileged Accounts with the Windows Security Log to Catch Lateral Movement by Mimikatz and other Credential Harvesting
- ArcSight’s WUC and WiNC with Native Windows Event Collection: How to Get Events into ArcSight Without the Pain
- 3-Dimensional Security Monitoring for Azure Virtual Machines in the Cloud: Auditing the Control, Data and Windows Planes
- Integrating Identity and Authentication Events to Improve SIEM Threat Detection
- Using File Integrity Monitoring to Catch Imposter EXE/DLL Replacements and Tampering – Without the Noise
- Top 12 Events to Monitor in the Windows Server Security Log
- Top Windows Security Log Events for User Behavior Analysis
- Understanding OneDrive for Business Security and Monitoring
- Using YARA to Describe, Classify and Search for Malware
- 5 Ways to Respond Faster and Automate Security through 2-Way Integration Between SIEM and IAM
- Which User and What Program Sent This Packet, and Should I be Concerned? Correlating Network Security Alerts with Host Logs for Full Traffic Attribution
- 4 Threat Detections using Active Directory Authentication Events from the Windows Security Log
- Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources
- Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment
- SIEM Delivery Models: Where Do Today’s Risks and Future Technology Point?
- Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond
- Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection
- Detecting Persistence: Top 9 Security Changes to Monitor on Windows Server
- Understanding Windows Event Collection (WEC/WEF): Planning, Troubleshooting and Performance Monitoring
- Top 10 Event Categories to Monitor in the Windows Server Event Log
- Top 7 Best and Worst Ways to Avoid Alert Fatigue
- Security Log Deep Dive: Mapping Active Directory Authentication and Account Management Events to MITRE ATT&CK TTPs
- Extra Vigilance: Top 3 Ways to Adapt Your Security Log Monitoring for the Surge in Working from Home
- Anatomy of a Hacker Group: APT29 (aka Cozy Bear)
- Next Generation Windows Event Collection: How to Instantly Load Balance WEC Collectors without Waiting for Computers to See Group Membership Changes
- Top 10 Windows Security Log Events to Monitor to Detect Lateral Movement
- Using New Events in Sysmon v13 to Detect Sophisticated Attacks
- Threat Hunting with Sigma Rules: Using Logs, Alerts, and Behavior to Detect APTs & TTPs
- AnchorDNS: How TrickBot Malware Hides C2 Inside DNS Traffic and How to Turn the Tables
- Understanding Logon Events in the Windows Server 2022 Security Log
- Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System