Overview
Explore Windows Event Log investigation techniques for detecting adversaries in this 41-minute Black Hat conference talk by Miriam Wiesner. Learn about the Microsoft Security Compliance Toolkit, audit policies, and customer requests. Discover how to automate event lists, leverage the MITRE ATT&CK framework, and generate hunting queries. Gain insights into configuring event lists, generating queries, and exploring additional options to enhance your organization's threat detection capabilities and reduce the time needed to identify potential security breaches.
Syllabus
Introduction
Microsoft Security Compliance Toolkit
Audit Policies
Customer Request
Automate Event List
Mitre Attack
Mitre Sources
Three Questions
GUI
Power Event List
Generate Event List
Generate Hunting Queries
Generate Event List Queries
Configure Event List
Generate Queries
Other Options
Taught by
Black Hat