Windows Event Log Analysis & Incident Response Guide
Summary
Event Log
Types of Windows Event Log Analysis
ㆍAccount Management Events
ㆍAccount Logon and Logon Events
ㆍCommon Event ID 4768 result codes
ㆍCommon Event ID 4776 error code descriptions
ㆍLogon event type code descriptions
ㆍCommon logon failure status codes
ㆍAccess to Shared Objects
ㆍNetwork share event IDs
ㆍScheduled Task Logging
ㆍObject Access Auditing
ㆍAudit Policy Changes
ㆍAuditing Windows Services
ㆍWireless LAN Auditing
ㆍWi-Fi connection event IDs
ㆍProcess Tracking
ㆍWindows Filtering Platform (WFP) event IDs
ㆍAdditional Program Execution Logging
ㆍWindows Defender suspicious event IDs
ㆍEvent IDs generated by Sysmon
ㆍAuditing PowerShell Use
ㆍIncident Response Tools to Quickly Detect Cyberattacks
ㆍSecurity Incident Response Tools
ㆍDifference between Authentication and Authorization
ㆍAuthentication and Authorization Working Together in the Real World