Advanced Log Analysis

Key Windows Event IDs for Cybersecurity Monitoring
Analyzing a Series of Failed Login Attempts from Multiple IP Addresses
Steps to Investigate Suspicious Outbound Network Traffic
Identifying and Responding to Lateral Movement within a Network
Distinguishing Between Legitimate and Malicious PowerShell Executions
Detecting and Analyzing a Potential Data Exfiltration Incident Using Log Data
Steps to Analyze PowerShell Logging (Event ID 4104) for Malicious Activity
How to Identify an Internal Pivot Attack Using Log Data
Indicators in Logs Suggesting a Privilege Escalation Attack
How to Detect Command and Control (C2) Communication Using Log Analysis
How to Analyze Logs to Detect a Brute-Force Attack on an RDP Service
How to Detect the Use of Living-Off-the-Land Binaries (LOLBins) in Logs
How to Detect Malware Masquerading as a Legitimate Process Using Log Analysis
How to Detect and Analyze Lateral Movement Using Windows Event Logs
How to Detect Potential Ransomware Attacks in Their Early Stages Using Log Analysis
How to Detect and Analyze Privilege Escalation Using Windows Event Logs
How to Detect the Use of Mimikatz or Similar Tools in Log Data
How to Detect and Analyze DNS Tunneling Through Log Analysis
How to Detect a Pass-the-Hash (PtH) Attack Using Logs
How to Detect and Analyze an Attacker's Use of a Remote Access Trojan (RAT) Using Log Data
How to Detect Lateral Movement Using Windows Event Logs
How to Detect and Investigate Data Exfiltration Using Logs
How to Identify and Analyze an Internal Phishing Campaign Using Email and System Logs
How to Detect and Analyze Ransomware Activity Using Logs
How to Detect Malicious PowerShell Activity Using Log Analysis
How to Detect and Respond to Brute-Force Attacks Using Log Data
How to Detect Privilege Escalation Attempts Using Windows Event Logs
How to Detect and Analyze Suspicious Domain Name Resolution Requests in DNS Logs
How to Detect and Respond to Unauthorized Access to Critical Files
How to Detect and Analyze Suspicious PowerShell Command Execution
How to Detect and Investigate Account Takeover (ATO) Attempts Using
How to Detect and Analyze the Use of Living Off the Land Binaries (LOLBins)
How to Detect and Investigate Lateral Movement
How to Detect and Investigate Data Exfiltration
How to Detect and Analyze Suspicious Activity Involving Service Accounts
How to Detect and Investigate Anomalous PowerShell Activity Related to Credential Dumping
How to Detect and Analyze the Execution of Unsigned or Malicious Executables
How to Detect and Investigate Abnormal Spikes in Network Traffic
