Posted on January 4, 2014
I’m ISC Handler today and I’ve got a great post on how to use syslog to monitor important Windows event logs. This will have multiple parts as it will go deeper into special config.
This entry was posted in Defense, Windows IR and tagged AppLocker, Emet, Event Logs, Syslog, XPATH.