Spotting the Adversary with Windows Event Log Monitoring

An introduction to collecting the important Windows workstation event logs and storing them in a central location, so that they can be searched and monitored for signs of adversary activity and for overall network health. This paper is based on publication TSA-13-1004-SG, "Spotting the Adversary with Windows Event Log Monitoring", from the National Security Agency (NSA) Information Assurance Directorate.

With EventTracker it is straightforward to deploy the agent to Windows systems, collect events from all of them, and store those events centrally on the EventTracker Manager system.
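Once the events are in one place, the value comes from filtering the few records worth acting on out of the stream. The following is an added example (not EventTracker's code and not tooling from the NSA paper) of that triage step in Python. It assumes the collected records arrive as standard Windows event XML, the form produced by `wevtutil qe /f:xml` or by calling `.ToXml()` on a `Get-WinEvent` record; the sample records, host names, user names, service name and the failed-logon threshold of five are all constructed for this example. The event IDs themselves (1102 audit log cleared, 4625 failed logon, 4720 account created, 4732 local group membership change, 4688 process creation, 4697 and 7045 service installation) are the standard Windows ones.

```python
"""Triage centrally collected Windows event records.

Added example (not EventTracker's or the NSA paper's own code): given Windows
event XML records gathered from several workstations, keep only the high-value
event IDs worth alerting on and aggregate repeated failed logons per host/user.
The sample records below are constructed for this example.
"""
import xml.etree.ElementTree as ET
from collections import Counter

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# (channel, event ID) -> description. These are the standard Windows IDs.
WATCHLIST = {
    ("Security", 1102): "Security audit log cleared",
    ("Security", 4720): "User account created",
    ("Security", 4732): "Member added to security-enabled local group",
    ("Security", 4688): "Process created",
    ("Security", 4697): "Service installed",
    ("System", 7045): "New service installed",
}
# EventData fields worth surfacing for each watched ID.
DETAIL_FIELDS = {
    1102: ("SubjectUserName",),
    4720: ("TargetUserName", "SubjectUserName"),
    4732: ("MemberName", "TargetUserName"),
    4688: ("NewProcessName", "SubjectUserName"),
    4697: ("ServiceName", "ServiceFileName"),
    7045: ("ServiceName", "ImagePath"),
}
FAILED_LOGON_ID = 4625
FAILED_LOGON_THRESHOLD = 5  # assumption for this example; tune per environment


def parse_event(xml_text):
    """Parse one <Event> record as exported by wevtutil or Get-WinEvent .ToXml()."""
    root = ET.fromstring(xml_text)
    sysel = root.find("e:System", NS)
    event = {
        "host": sysel.findtext("e:Computer", namespaces=NS),
        "channel": sysel.findtext("e:Channel", namespaces=NS),
        "id": int(sysel.findtext("e:EventID", namespaces=NS)),
        "time": sysel.find("e:TimeCreated", NS).get("SystemTime"),
        "data": {},
    }
    # Named EventData fields (TargetUserName, ServiceName, ...) keyed by Name.
    for d in root.iterfind("e:EventData/e:Data", NS):
        event["data"][d.get("Name")] = d.text or ""
    return event


def triage(events, threshold=FAILED_LOGON_THRESHOLD):
    """Return one alert per watched event plus one per host/user over threshold."""
    alerts = []
    failed = Counter()
    for ev in events:
        key = (ev["channel"], ev["id"])
        if key in WATCHLIST:
            detail = {f: ev["data"].get(f, "") for f in DETAIL_FIELDS[ev["id"]]}
            alerts.append({"host": ev["host"], "id": ev["id"], "time": ev["time"],
                           "what": WATCHLIST[key], "detail": detail})
        elif key == ("Security", FAILED_LOGON_ID):
            # Single failures are noise; count them per host and target user.
            failed[(ev["host"], ev["data"].get("TargetUserName", ""))] += 1
    for (host, user), n in sorted(failed.items()):
        if n >= threshold:
            alerts.append({"host": host, "id": FAILED_LOGON_ID, "time": None,
                           "what": f"{n} failed logons for {user!r}",
                           "detail": {"count": n}})
    return alerts


def _record(host, channel, event_id, time, **data):
    """Build a minimal Windows event XML record (constructed sample data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
            f'<Channel>{channel}</Channel><Computer>{host}</Computer>'
            f'<TimeCreated SystemTime="{time}"/></System>'
            f'<EventData>{fields}</EventData></Event>')


# Constructed sample: a routine logon, a cleared log, a new service, a new
# account, and a burst of failed logons against the built-in administrator.
SAMPLE_RECORDS = [
    _record("WS01.corp.example", "Security", 4624, "2024-05-01T08:00:01Z",
            TargetUserName="alice", LogonType="2"),
    _record("WS01.corp.example", "Security", 1102, "2024-05-01T08:05:12Z",
            SubjectUserName="alice"),
    _record("WS02.corp.example", "System", 7045, "2024-05-01T08:07:40Z",
            ServiceName="UpdaterSvc", ImagePath=r"C:\Users\Public\upd.exe"),
    _record("WS02.corp.example", "Security", 4720, "2024-05-01T08:08:03Z",
            TargetUserName="support", SubjectUserName="alice"),
] + [
    _record("WS03.corp.example", "Security", 4625, f"2024-05-01T08:10:{s:02d}Z",
            TargetUserName="administrator", IpAddress="10.0.0.25")
    for s in range(6)
]


def triage_records(records=SAMPLE_RECORDS):
    """Parse and triage a batch of XML records; returns the alert list."""
    return triage(parse_event(r) for r in records)


if __name__ == "__main__":
    for a in triage_records():
        print(f"{a['host']:20} {a['id']:5} {a['what']}: {a['detail']}")
```

On the constructed batch the routine 4624 logon is dropped, the cleared log, the service installed from a user-writable path and the new account each produce an alert, and the six 4625 records collapse into a single failed-logon alert. Whatever collector is used (EventTracker here, or Windows Event Forwarding as the NSA paper describes), the watchlist and the per-host aggregation are the part an analyst tunes.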