Detecting Anomalies and Events with Winlogbeat

Michael Edie

39:54

  • detecting-anomalies-events-winlogbeat.zip
  • 1. Course Overview.mp4
    01:46
  • 1. Introduction to Winlogbeat.mp4
    02:33
  • 2. Demo - Setup and Configuration.mp4
    08:59
  • 3. Demo - Validate Event Data Collection.mp4
    04:17
  • 4. Demo - Detect Unauthorized Clearing of Windows Logs.mp4
    03:30
  • 5. Detect Living off the Land Attacks.mp4
    05:22
  • 6. Demo - Detect Living off the Land Attacks.mp4
    05:09
  • 7. Detect PowerShell Execution Anomalies.mp4
    02:22
  • 8. Demo - Detect PowerShell Execution Anomalies.mp4
    04:10
  • 1. Additional Resources.mp4
    01:46
  • Description


    Winlogbeat is an open-source log collector that ships Windows Event Logs to Elasticsearch or Logstash. In this course, you will learn the setup, configuration, and validation of Winlogbeat in an enterprise environment.

    What You'll Learn?


      Centralized logging is a security best practice according to NIST and the Center for Internet Security. So how can we aggregate Windows Security Event Logs for our enterprise Windows endpoints? In this course, Detecting Anomalies and Events with Winlogbeat, you’ll learn how to use Winlogbeat to secure a live enterprise environment. First, you’ll learn the installation and setup of Winlogbeat. Next, you’ll explore some configuration best practices. Finally, you’ll discover how to validate event data to support incident monitoring and anomaly detection. When you’re finished with this course, you’ll have the skills and knowledge to detect threats in your network systems.

    Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://blog.edie.io and projects at https://github.com/tankmek. He is the Executive Director and Co-Founder of smashthestack.org, a software vulnerability and exploitation educational platform. Additionally, Michael has volunteered to speak at local nonprofits such as the Cyber Discovery Group (CDG) and NERD Nights. Outside the technical domain, he enjoys spending time with his wife and kids, motorcycling, cryptocurrency, and chess.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 10
    • Duration: 39:54
    • Level: average
    • English subtitles: yes
    • Release date: 2023/05/17