Threat Hunt For Malicious Account Usage Using Windows Event Logs

How To Threat Hunt for Malicious Account Usage Using the Windows Event Logs


The Windows event logs are a powerful funnel point for identifying hackers that leverage Windows accounts for access, lateral movement, and in other attack stages. In this edition of #TeckTalkTuesday, we explore logs within the advanced audit policy settings you can add to your threat hunting and incident response program to uncover attacker use of both domain-joined and local Windows accounts.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top