One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624


Windows event logs provide a fundamental source for host-based threat hunting. In this edition of #TechTalkTuesday, we explore one of the most powerful event IDs for finding popular nation-state and other hacking groups’ initial access and lateral movement techniques. We also talk about how to scale hunting through event logs with Elasticsearch and Kibana.
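To make the hunting idea concrete, here is an added example (not code from the original post or talk) that triages constructed Event ID 4624 records the way a hunter might after pulling them out of Elasticsearch. It assumes the flattened Winlogbeat-style field names `LogonType`, `TargetUserName`, `IpAddress` and `host.name`, and flags one account logging on remotely to several hosts from the same source within a short window, a common lateral-movement shape.

```python
# Added example, not from the original post. Hunts constructed Windows
# Security 4624 (successful logon) records for "fan-out": one account, one
# source IP, many target hosts in a short window.
from datetime import datetime, timedelta

# 4624 logon types that indicate remote access rather than a console logon:
# 3 = Network (SMB, WinRM, remote service creation), 10 = RemoteInteractive (RDP).
REMOTE_LOGON_TYPES = {3, 10}
# Accounts that generate constant, expected network logons and would drown the signal.
NOISE_ACCOUNTS = {"ANONYMOUS LOGON", "SYSTEM"}

# Constructed sample events. Field names follow the Winlogbeat/Elastic
# flattening of 4624 EventData; host.name is the computer that logged the event
# (the logon target), IpAddress is the source of the logon.
SAMPLE_4624 = [
    {"@timestamp": "2024-05-01T09:00:00Z", "LogonType": 2,  "TargetUserName": "alice",           "IpAddress": "-",        "host.name": "WS01"},
    {"@timestamp": "2024-05-01T09:05:00Z", "LogonType": 3,  "TargetUserName": "svc_backup",      "IpAddress": "10.0.0.5", "host.name": "FS01"},
    {"@timestamp": "2024-05-01T09:07:00Z", "LogonType": 3,  "TargetUserName": "svc_backup",      "IpAddress": "10.0.0.5", "host.name": "FS02"},
    {"@timestamp": "2024-05-01T09:09:00Z", "LogonType": 10, "TargetUserName": "svc_backup",      "IpAddress": "10.0.0.5", "host.name": "DC01"},
    {"@timestamp": "2024-05-01T09:30:00Z", "LogonType": 3,  "TargetUserName": "alice",           "IpAddress": "10.0.0.7", "host.name": "FS01"},
    {"@timestamp": "2024-05-01T12:00:00Z", "LogonType": 3,  "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "10.0.0.9", "host.name": "FS01"},
]


def _ts(event):
    return datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")


def find_fan_out(events, window=timedelta(minutes=15), min_hosts=3):
    """Return {(account, source_ip): sorted target hosts} for every account that
    reached at least `min_hosts` distinct hosts from one source within `window`
    using a remote logon type. Noise accounts and console logons are skipped."""
    remote = sorted(
        (e for e in events
         if int(e["LogonType"]) in REMOTE_LOGON_TYPES
         and e["TargetUserName"] not in NOISE_ACCOUNTS),
        key=_ts,
    )
    hits = {}
    for i, first in enumerate(remote):
        key = (first["TargetUserName"], first["IpAddress"])
        hosts = {first["host.name"]}
        for later in remote[i + 1:]:
            if _ts(later) - _ts(first) > window:
                break  # sliding window closed; later events are out of range
            if (later["TargetUserName"], later["IpAddress"]) == key:
                hosts.add(later["host.name"])
        if len(hosts) >= min_hosts:
            hits[key] = hits.get(key, set()) | hosts
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (account, src), hosts in find_fan_out(SAMPLE_4624).items():
        print(f"{account} from {src} -> {', '.join(hosts)}")
```

The same logic maps directly onto an Elasticsearch terms aggregation on `TargetUserName` and `IpAddress` with a cardinality sub-aggregation on `host.name`, which is how it scales beyond a sample list.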
