Top 10 Event Categories to Monitor in the Windows Server Event Log

Webinar Registration

The Windows Event Log contains a lot of information, but it is only useful if you can remove the ‘noise’ and focus on what is important. Often the first port of call when troubleshooting or investigating attacks, the Event Log is divided into several main categories, like Security and System, plus many other logs related to specific operating system features.

During an attack, hackers target the Event Log, clearing it to hide their tracks. So it’s important that organizations centralize collection of events, either using Windows Server and Event Forwarding or by passing events to a third-party Security Information and Event Management (SIEM) system for storage and automated analysis.

Attacks can sometimes be detected or even preempted by looking at information in the Event Log. Changes to server audit policy, launches of processes that are not permitted by Application Control policies, and user authentication events that might indicate Pass-the-Hash (PtH) attacks can all be used to help identify malicious activity.

In this webinar, we will look at the top ten types of events that you should collect to help secure servers and your network from attack. Windows Server expert Russell Smith will talk about what categories of events you should focus on and which events are most useful to collect. Russell will discuss configuring auditing to make sure that you are capturing critical events and the different ways auditing can be configured. Additionally, we will talk about and demonstrate:

  • Which types of events are most important to monitor and why
  • Microsoft’s security baseline templates used to configure Windows Server audit settings
  • Using Group Policy to set up Advanced Audit Policy
  • How to set up custom views in Event Viewer to filter out unwanted noise

Join us in this real training for free webinar and learn how to identify and remediate security gaps with the native tools in Windows Server and Netwrix solutions.
