Topic: As the article states, what we have done so far is event monitoring from a network standpoint using tools like Security Onion.
Source:
Size: VM- 2-12GB
Topic: Log management
Size: Single Workstation or more
O.S.: Win
Distribution: ELK Setup – https://gist.github.com/silentbreaksec/00ef80b38a54c01846a501f9732e81f7
Price: Free
Support: None
Cloudable: ?
URL:
Part 1 https://silentbreaksecurity.com/windows-events-sysmon-elk/
Part 2 https://silentbreaksecurity.com/windows-events-sysmon-elk-part-2/
Vendor: OpenSource
Why: We should be reviewing Windows WORKSTATION events; this is how it gets done
Lab-able: Y, 10-30 HRS; this will take a long time to follow if you actually do it
Non-marketing videos URL: Youtube.com / none
Categories: Tools