Analyzing Windows Host Data


Course Summary

Windows servers and workstations are a common entry point for attackers, so analyzing events from these systems can provide valuable information that will help support your overall threat hunting program. In this class, you will learn how to use the Elastic Stack to perform Windows event analysis. You’ll start by using Beats to collect and centralize host-level events, and then you’ll learn how to analyze these events once they have been shipped to Elasticsearch. After completing this course, you’ll be able to use the Elastic Stack to better harden your Windows security.

Topics Covered

  • Anatomy of a Windows Event
  • Elastic Beats for Windows
  • Building Dashboards
  • Enriching Windows Event Data

Course Details

This course is a module of the Security Analytics specialization. Find out how our focused Training Specializations can help you with your use case.


Security Analysts and Engineers, System Administrators, DevOps


2-3 hours


We recommend taking the following foundational courses (or having equivalent knowledge):


  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class