Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

shadyaf

Monitoring your network and gathering massive amounts of data has become easier and easier. Many guides exist on how to gather data, and lots of companies have “enterprise grade” Security Information and Event Management products that can ingest terabytes of data. But what seems to be missing from most environments is the ability to apply…


Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)

Last week at Ignite Australia I presented a session (available here) on something I don't think gets talked about enough: Windows Event Forwarding, or WEF. (Edit: I've also since done an in-depth Microsoft Virtual Academy session on Event Forwarding too!) Often when we engage for an Incident Response, we find the customer: Has no centralized logging Are…
