3

Introduction to Windows Event Logs

Microsoft Windows is the most widely used operating system (OS) worldwide. Attackers know this, and every day they develop new malware and techniques that target Windows platforms. As a SOC analyst, you must understand the event logs that Microsoft provides in Windows environments, because they are the primary evidence you will use to detect and investigate breaches.

The objective of this chapter is to understand the event types provided by the Microsoft Windows OS, to learn the approach for analyzing event logs (either online, on the live system, or offline, from exported log files), and to give you an overview of the investigation approach used in this part of the book.
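To make the online versus offline distinction concrete, the following PowerShell is an added example and not code from the book. It runs the same filter against the live Security log of the local host and against an exported .evtx file, then flattens the records into a table. The case folder path is an assumption; Event ID 4625 (failed logon) and the EventData field names TargetUserName, LogonType and IpAddress are the real ones Windows writes for that event.

```powershell
# Added example (not from the book). Demonstrates the same query run
# "online" against the live Security log and "offline" against an exported
# .evtx file, using only the built-in Get-WinEvent cmdlet.

# Online: last 20 failed logons (Event ID 4625) from the local host.
# Reading the Security log requires local administrator rights.
$online = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue

# Offline: identical filter against an exported log file collected from a
# suspect host. The path is an assumption for this example.
$exported = 'C:\Cases\case-001\Security.evtx'
$offline  = Get-WinEvent -FilterHashtable @{ Path = $exported; Id = 4625 } `
    -ErrorAction SilentlyContinue

# The interesting fields live in the EventData section of the event XML.
# This helper parses the XML and exposes the fields an analyst wants to pivot on.
function ConvertTo-LogonRecord {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)

    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated = $Event.TimeCreated
        Id          = $Event.Id
        Computer    = $Event.MachineName
        User        = $data['TargetUserName']   # account that failed to log on
        LogonType   = $data['LogonType']        # e.g. 3 = network, 10 = RDP
        SourceIp    = $data['IpAddress']        # origin of the logon attempt
    }
}

# @() guards against either query returning nothing (no events matched).
(@($online) + @($offline)) |
    ForEach-Object { ConvertTo-LogonRecord $_ } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

Two practical notes: -FilterHashtable filters on the server side and is far faster than piping every event through Where-Object, and -ErrorAction SilentlyContinue is needed because Get-WinEvent reports "No events were found" as an error rather than returning an empty result. Offline analysis with -Path also works from a workstation where the source host's log is unavailable, which is the usual situation during an investigation.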

In this chapter, we will cover the following main topics:

  • Windows event types
  • Windows event log ...

Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.