Implementing Windows Advanced Logging Cheat Sheet with SureLog SIEM

SureLog SIEM
1 min read, Aug 13, 2020

There are many references on Windows advanced logging [1] [2]. Windows has some great built-in capabilities for detecting abuse; SureLog has implemented the guidance from those references, which makes it the fastest way to hunt Windows endpoints. Everything is ready as predefined reports and correlation rules in SureLog.

The default Windows settings provide only a subset of the desired logging events that assist in detecting and investigating malicious activity. SureLog predefined reports cover the event categories that will significantly enhance technical analysis.

SureLog Predefined Windows Reports:

SureLog Removable Device Access Events Report

References:

1- https://www.malwarearchaeology.com/cheat-sheets/

2- https://www.acsc.gov.au/publications/protect/Windows_Event_Logging_Technical_Guidance.pdf

3- http://anet-canada.ca/2019/07/27/implementing-windows-advanced-logging-cheat-sheet-with-surelog-siem/
