Windows Security Log Quick Reference

This entry is part 20 of 28 in the series Threat Detection Engineering

🛡️ For Cybersecurity Defensive Operations and IR/Threat Hunting 🔐 Authentication Events 🗝️ Account Management Events 📂 Object Access Events ✅ Note: Requires enabling object auditing via GPO and SACLs. 🧰 Privilege Use and Logon Types PRO Tip: Use Logon Type + Event 4624/4625 to spot RDP logins, scheduled tasks, or lateral movement attempts. ⚙️ …

OpenCTI – Open Source Threat Intelligence Platform: PART I

This entry is part 21 of 28 in the series Threat Detection Engineering

OpenCTI (Open Cyber Threat Intelligence Platform) is a powerful open-source solution designed to help security teams collect, store, organize, and visualize threat intelligence in a structured way. Whether you’re a SOC analyst, threat hunter, or security researcher, OpenCTI provides a unified environment to centralize CTI data, correlate intelligence from multiple sources, and share it …