Security Log Webinars by Randy
Every month Randy hosts a deep-dive session into a different area of the cryptic
and mysterious Windows Security Log. PowerPoint slides are provided so you
can take notes.
Upcoming live security log webinars
Register now for these free, live events and get your questions answered live! Can't
make the live event? Register anyway to receive a link to the recording.
The live event is free, made possible by sponsorship from log management solution
providers.
Recorded security log training sessions on demand
Download these webinars for training on screen or on the go.
- Auditing Program Execution with the Security Log
- Advanced Security Log Monitoring through Multi-Event Correlation
- Understanding Authentication Events in the Windows 2003 and 2008 Security Logs
- Top 12 Security Events To Monitor on Member Servers
- Auditing Unauthorized, Unrecognized Software
- Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly
- Anatomy of a Hack: Tracking an Intruder with Security Logs
- Monitoring Access Changes with the Windows 2008 and 2003 Security Logs
- Leveraging the XP and Vista Security Logs to Ensure Workstation Security and Compliance
- Top 9 Ways to Detect Insider Abuse with the Security Log
- Quantifying the Cost of Log Management: Making a Good Decision Security and Business-wise
- Using Windows Server 2008's New Log Management Features: Archival, Forwarding, Views and Triggers
- Top 5 Goals for Effectively Using Log Management
- Monitoring Active Directory for Security and Compliance: How Far Does the Native Audit Log Take You?
- Security Log Exposed: What is the Difference Between “Account Logon” and “Logon/Logoff” Events?
- Audit Collection Services: Ready for Prime Time?
- 11 Ways to Detect System Intrusions with the Security Log
- Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log
- Security Log Exposed: Auditing Changes, Deletions and Creations in Active Directory
- Configuring Windows Audit Policy to Minimize Noise: Provide Compliance, Support Forensics and Detect Intrusions
- Top 5 Daily Reports for Monitoring Windows Servers
- Taming SharePoint Audit Logs with LOGbinder SP and EventTracker
- Building a Security Dashboard for Your Senior Executives
- Auditing IIS with the Windows Security Log
- 5 Real World Ways to Use Anomaly Detection with Security Logs
- Managing Access Control in SharePoint 2010
- Implement Best Practice, Compliant Log Management and Monitoring with Your Existing Log Management/SEM Solution
- Monitoring Access to Confidential Information in SharePoint
- Understanding Logon Events in the Windows Security Log
- Top 10 VMWare Security Events You Should Be Monitoring
- Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
- Implementing Virtual Security Cameras to Protect Privileged Access and Enforce Accountability
- Auditing SharePoint Activity for Compliance and Security
- Understanding Exchange 2010 Audit Logging
- Linking Logon to Logoff and Everything in Between with the Windows Security Log
- My Rosetta Audit Logging Kits for ArcSight are Here
- File Access Auditing in Windows Server 2012
- Windows Server 2012 Auditing Deep Dive: Claims, Dynamic Access Control, Centralized Permissions
- Detecting Non-Owner Mailbox Access with Exchange Mailbox Auditing
- Top 6 Security Events to Monitor in SQL Server
- Tracking an End-User’s Activities through the Windows Security Log and Other Audit Logs
- Daily Security Log Check for the SMB IT Admin
- Analyzing Logon Failures in the Windows Security Log
- Top 10 Security Changes to Monitor in the Windows Security Log
- Application Security Intelligence: The Next Frontier in Security Analytics - Bridge the Gap between Applications and SIEM
- 5 Real World Scenarios for Correlating Host and Network Events to Catch Violations and Intrusions
- Detecting Information Grabs of Confidential Documents in SharePoint
- Exploring Win2008/2012’s Windows Event Collection Service
- Specific Security Monitoring Lessons Learned from: Target, Nieman Marcus, Sony and other breaches
- Catching Web Based Attacks with W3C Logs from IIS and Apache
- How to do Logon Session Auditing with the Windows Security Log
- Correlating Tactical Threat Data Feeds with Security Logs for More Intelligent Monitoring
- Spotting the Adversary with Windows Event Log Monitoring: An Analysis of NSA Guidance
- Not Monitoring SQL Server with Your SIEM is Close to Negligent: What are Your Options?
- Early Detection: Monitoring Mobile and Remote Workstations in Real-Time with the Windows Security Log
- How to Monitor Network Activity with the Windows Security & Firewall Logs to Detect Inbound and Outbound Attacks
- Setting up Internal Linux and Windows Honeypots to Catch Intruders
- Managing Mailbox Audit Policy in Exchange 2013
- Anatomy of a Data Breach: Tracing a Case of Unauthorized File Access with the Windows Security Log
- How to Use EmergingThreats.net and other Threat Intelligence Feeds with Your SIEM
- Rev Up Your SIEM with These Top 8 High Value Security Event Sources
- SharePoint Defense-In-Depth Monitoring: What to Watch at the App, DB and OS Level – and How?
- Protecting AD Domain Admins with Logon Restrictions and Windows Security Log
- Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
- Monitoring Security Logs from VMWare vCenter and ESXi
- Top 10 Indicators of Tampering with Privileged Accounts
- Using Splunk and LOGbinder to Monitor SQL Server, SharePoint and Exchange Audit Events
- Anatomy of a Hack Disrupted: How One SIEM’s Out-of-the-Box Rules Caught an Intrusion and Beyond
- Monitoring Privileged Access on SQL Server
- Detecting New Programs and Modifications to Executable Files with Windows File Access Auditing and File Integrity Monitoring
- What’s New in the Windows 10 Security Log
- Detect and monitor threats to your executive mailboxes with Exchange mailbox auditing
- PowerShell Audit Logging Deep Dive: Catch Intruders Living off the Land and Enforce Privileged User Accountability
- Who’s Attacking Your Database? Monitoring Authentication and Logon Failures in SQL Server
- 6 Steps to Determine if an Unknown Program is Safe or Malicious
- Auditing Permission Changes on Windows File Servers and NAS Filers
- Leveraging your SIEM to Catch and Respond to Ransomware Before It Spreads
- Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What They Mean
- Managing Large Windows Event Collection Implementations: Load Balancing Across Multiple Collectors
- How to Detect 2 Computers on Your Network Talking to Each Other for the First Time and Why It Matters
- Integrating Splunk with native Windows Event Collection (WEC) and Optional 2-Stage Noise Filtering
- Understanding Azure Log Integration (AzLog): Microsoft’s New Tool for Bringing Azure Visibility to Your SIEM
- QRadar WinCollect and Native Windows Event Collection: How to Do It Right, Filter the Noise and Simplify your Infrastructure
- XPath Deep Dive: Building Advanced Filters for Windows Event Collection
- Tracking Access, Sharing and Administration of Files in SharePoint Online and OneDrive for Business
- Monitoring Privileged Accounts with the Windows Security Log to Catch Lateral Movement by Mimikatz and other Credential Harvesting
- ArcSight’s WUC and WiNC with Native Windows Event Collection: How to Get Events into ArcSight Without the Pain
- 3-Dimensional Security Monitoring for Azure Virtual Machines in the Cloud: Auditing the Control, Data and Windows Planes
- Integrating Identity and Authentication Events to Improve SIEM Threat Detection
- Using File Integrity Monitoring to Catch Imposter EXE/DLL Replacements and Tampering – Without the Noise
- Top 12 Events to Monitor in the Windows Server Security Log
- How to do Logon Session Auditing with the Windows Security Log
- Top Windows Security Log Events for User Behavior Analysis
- Understanding OneDrive for Business Security and Monitoring
- Using YARA to Describe, Classify and Search for Malware
- 5 Ways to Respond Faster and Automate Security through 2-Way Integration Between SIEM and IAM
- Which User and What Program Sent This Packet, and Should I be Concerned? Correlating Network Security Alerts with Host Logs for Full Traffic Attribution
- 4 Threat Detections using Active Directory Authentication Events from the Windows Security Log
- Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources
- Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment
- SIEM Delivery Models: Where Do Today’s Risks and Future Technology Point?
- Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond
- Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection
- Detecting Persistence: Top 9 Security Changes to Monitor on Windows Server
- Understanding Windows Event Collection (WEC/WEF): Planning, Troubleshooting and Performance Monitoring
- Top 10 Event Categories to Monitor in the Windows Server Event Log
- Top 7 Best and Worst Ways to Avoid Alert Fatigue
- Security Log Deep Dive: Mapping Active Directory Authentication and Account Management Events to MITRE ATT&CK TTPs
- Extra Vigilance: Top 3 Ways to Adapt Your Security Log Monitoring for the Surge in Working from Home
- Anatomy of a Hacker Group: APT29 (aka Cozy Bear)
- Next Generation Windows Event Collection: How to Instantly Load Balance WEC Collectors without Waiting for Computers to See Group Membership Changes
- Top 10 Windows Security Log Events to Monitor to Detect Lateral Movement
- Using New Events in Sysmon v13 to Detect Sophisticated Attacks
- Threat Hunting with Sigma Rules: Using Logs, Alerts, and Behavior to Detect APTs & TTPs
- AnchorDNS: How TrickBot Malware Hides C2 Inside DNS Traffic and How to Turn the Tables
- Understanding Logon Events in the Windows Server 2022 Security Log
- Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System
- Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
- Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
Check out Randy's other webinars