Analyzing Windows Host Data

Course Summary

Windows servers and workstations are a common entry point for attackers, so analyzing events from these systems can provide valuable information that will help support your overall threat hunting program. In this class, you will learn how to use the Elastic Stack to perform Windows event analysis. You’ll start by using Beats to collect and centralize host-level events, and then you’ll learn how to analyze these events once they have been shipped to Elasticsearch. After completing this course, you’ll be able to use the Elastic Stack to better harden your Windows security.

  • Anatomy of a Windows Event
  • Elastic Beats for Windows
  • Building Dashboards
  • Enriching Windows Event Data

Course Details

This course is a module of the Security Analytics specialization. Find out how our focused Training Specializations can help you with your use case.

Security Analysts and Engineers, System Administrators, DevOps

Virtual Classroom - 1 Day | 2-3 hours

We recommend you have taken Kibana Data Analysis and Elasticsearch Engineer I or possess equivalent knowledge.

  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (Safari is not 100% supported)
  • Due to virtual classroom JavaScript requirements, we recommend that you disable any ad-blockers and restart your browser before class.

It was awesome. Both instructors are great speakers. They have a wide and deep knowledge about the topic, and they know how to pass it on. They are infectious with their enthusiasm.

Mariusz Kuskowski | Allegro Group