Detecting Anomalies and Events with Winlogbeat
Winlogbeat is an open-source log collector that ships Windows Event Logs to Elasticsearch or Logstash. In this course, you will learn the setup, configuration, and validation of Winlogbeat in an enterprise environment.
What you'll learn
Centralized logging is a security best practice according to NIST and the Center for Internet Security. So, how can we aggregate Windows Security Event Logs for our Enterprise Windows Endpoints? In this course, Detecting Anomalies and Events with Winlogbeat, you’ll learn how to utilize Winlogbeat to secure a live enterprise environment. First, you’ll learn the Installation and setup of Winlogbeat. Next, you’ll explore some configuration best practices. Finally, you’ll discover how to validate event data to support incident monitoring and anomaly detection. When you’re finished with this course, you’ll have the skills and knowledge to detect threats in your network systems.
Table of contents
- Introduction to Winlogbeat 3m
- Demo: Setup and Configuration 9m
- Demo: Validate Event Data Collection 4m
- Demo: Detect Unauthorized Clearing of Windows Logs 4m
- Detect Living off the Land Attacks 5m
- Demo: Detect Living off the Land Attacks 5m
- Detect PowerShell Execution Anomalies 2m
- Demo: Detect PowerShell Execution Anomalies 4m
About the author
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s... more