Spotting the Adversary with Windows Event Log Monitoring

An introduction to collecting important Windows workstation event logs and storing them in a central location for easier searching and monitoring of network health. This paper is based on the publication TSA-13-1004-SG from the National Security Agency (NSA) Information Assurance Directorate.





captcha