On-demand webinar

Detecting Threats by Analyzing Windows Event Logs with the Elastic (ELK) Stack

Hosted by

Justin Henderson
Justin Henderson

Founder & Lead Consultant

H&A Security Solutions

Mike Paquette
Mike Paquette

Sr. Director Product Management, Security

Elastic

Overview

Your best opportunity to catch an adversary is at the point of attack, before they progress from their initial foothold in your environment. Does your organization collect the data necessary to detect and respond at the endpoint? If your SecOps team collects host logs only from critical servers—and not from your wider set of endpoints—their visibility and effectiveness will be limited.

Security analysts and incident responders can reduce the impact of cyber incidents by gleaning insights from Windows Event Logs using the Elastic Stack (formerly the ELK Stack). This same data is valuable for compliance efforts (e.g., PCI-DSS, SOX, and other key regimes and frameworks) and countless operations use cases.

Justin Henderson of H & A Security Solutions and Mike Paquette of Elastic show you how to use Windows Event Logs to detect threats targeting your infrastructure. They present a common attack scenario, showing the many steps in the cyber kill chain where Windows Event Logs can reveal an attack. 

They lead a demo showing:

  • Ingestion of Windows Event Logs
  • Configuration of data enrichment
  • Detection of attacks with automated analytics
  • Analysis and visualization of data

Related Resources 

Register to watch

You'll also receive an email with related content.