Splunk Threat Hunting – Windows Events

When performing threat hunting with Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: This query looks for Event ID 4688, which indicates process creation events. It filters out known Splunk-related processes to focus on potentially suspicious activity. This query …

Windows Event IDs to monitor/investigate

SOC (Security Operations Center) teams typically monitor various Windows Event IDs to detect and respond to security incidents. While the specific Event IDs may vary depending on the organization’s security policies and requirements, here are some commonly monitored Windows Event IDs: It’s important to note that the specific Event IDs to monitor may vary …