Threat Hunting with Windows Event Forwarding

via Cybrary

Overview

Discover the power of Windows Event Forwarder in our upcoming course titled "Threat Hunting with Windows Event Forwarding," offered by Cybrary. This course tackles the underutilized, yet powerful, built-in tool of Windows Event Forwarding (WEF). Learn how to aggregate event logs from multiple Windows computers to Windows Event Collector (WEC) servers, enhancing your security infrastructure.

The curriculum focuses on identifying modern Active Directory attack tactics, such as Lateral Movement, employed during red team penetration tests. Participants will gain insights into global best practices and learn to configure systems to log crucial events for comprehensive incident investigations. The course will guide you through setting up verbose logging to better detect and respond to suspicious activities effectively.

Prerequisites for this course include a solid understanding of Active Directory Group Policies and familiarity with Windows event logs. Participants will need access to one or more Windows servers for event collection.

Course goals aim to empower students to:

Set up Windows Event Logging to monitor and capture indicators of malicious activities like Lateral Movement.
Efficiently collect and manage event logs using Windows Event Collector (WEC).
Implement a threat detection framework aligned with MITRE's guidelines to track and counteract malicious acts such as Lateral Movement.

This course is categorized under Threat Intelligence Courses and is ideal for individuals seeking to enhance their skills in threat detection and network security management.