Advanced Security Log Monitoring through Multi-Event Correlation

Webinar Registration

“At the mouth of 2 witnesses” is an ancient standard for determining the truth, and the principle applies even in the high-tech world of Windows security log analysis. While a single event in isolation may tell one story, analyzing the event in the context of surrounding events may lead to a very different conclusion. For instance, you may find event ID 628, which indicates the password was reset for Bob. If no corresponding help desk ticket exists, you may be tempted to conclude someone reset Bob’s password for the purpose of impersonating his account. However, if you look at the events preceding 628, you may find event 624 – new user (Bob) account created. You see, Windows always logs a password reset event in connection with new user account creations.
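The correlation described above, as an added example that is not from the webinar or from EventTracker: it classifies each event 628 by whether an event 624 for the same account precedes it. The record fields, the five-second window and the same-caller requirement are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Event IDs as cited on the page.
ACCOUNT_CREATED = 624
PASSWORD_RESET = 628

# Assumption: the reset logged as part of account creation lands within a
# few seconds of the creation event; tune this for your environment.
CREATION_WINDOW = timedelta(seconds=5)


def classify_password_resets(events, window=CREATION_WINDOW):
    """Return (event, verdict) for every 628, using preceding 624s as context.

    A reset is 'creation' when the same caller created the same target
    account within `window` before it; otherwise it is 'standalone' and
    should be matched against a help desk ticket.
    """
    last_created = {}  # (target, caller) -> time of most recent 624
    results = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["target"].lower(), ev["caller"].lower())
        if ev["event_id"] == ACCOUNT_CREATED:
            last_created[key] = ev["time"]
        elif ev["event_id"] == PASSWORD_RESET:
            created = last_created.pop(key, None)  # one creation explains one reset
            near = created is not None and ev["time"] - created <= window
            results.append((ev, "creation" if near else "standalone"))
    return results


def _ev(ts, event_id, target, caller):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "target": target, "caller": caller}


# Constructed sample events (not taken from a real log).
SAMPLE = [
    _ev("2024-01-10T09:00:00", 624, "bob", "hr-admin"),
    _ev("2024-01-10T09:00:01", 628, "bob", "hr-admin"),    # part of creation
    _ev("2024-01-10T14:30:00", 628, "bob", "jsmith"),      # later, other caller
    _ev("2024-01-10T15:00:00", 628, "alice", "hr-admin"),  # no 624 at all
]

if __name__ == "__main__":
    for ev, verdict in classify_password_resets(SAMPLE):
        print(ev["time"].isoformat(), ev["target"], ev["caller"], verdict)
```

Only the resets marked standalone need to be checked against help desk tickets.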

In this real training webinar I’ll show you how to apply this type of multi-event analysis to the Windows security log to eliminate false positives, detect suspicious behavior and get corroboration for investigations.

Prism’s EventTracker is fitting as the sponsor of this training session because of EventTracker’s sophisticated multi-event correlation engine that works in real time as well as its flexible reporting and analysis. So, I think you will benefit from both my training and Prism’s brief presentation as well.


Your information will be shared with the sponsor.


 

 

Additional Resources