How to Use Event Triggers For Windows Server Monitoring

Windows event logs and event triggers are an important part of Windows server monitoring. With the addition of the Event Viewer feature, Windows made it possible for server administrators to create custom tasks for certain events. This would be the so-called event trigger, and it could be a script or an email notification. This feature is highly important in terms of security and proactively dealing with issues with the server.

InfluxDB OSS and Enterprise Roadmap Update from InfluxDays EMEA

Since the initial release of InfluxDB OSS 2.0 in November 2020, more than 10% of the community has successfully upgraded, and the pace of the upgrades continues at a steady rate. We have released a number of maintenance releases to address defects, expand platform coverage, and enhance the update experience based on feedback.

The essentials of central log collection with WEF and WEC

Last week we covered the essentials of event logging: Ensuring that all your systems are writing logs about the important events or activities occurring on them. This week we will cover the essentials of centrally collecting these Event Logs on a Windows Event Collector (WEC) server, which then forwards all logs to Elastic Security.

The essentials of Windows event logging

One of the most prevalent log sources in many enterprises is Windows Event Logs. Being able to collect and process these logs has a huge impact on the effectiveness of any cybersecurity team. In this multi-part blog series, we will be looking at all things related to Windows Event Logs. We will begin our journey with audit policies and generating event logs, then move through collecting and analysing logs, and finally to building use cases such as detection rules, reports, and more.

Top 10 Windows Time Trackers in 2021

Tracking your work hours has become more essential than ever due to increased remote working. Imagine a scenario where you have completed a lot of work and with much efficiency. However, you did not track the time. That would be a pain. But there’s help at hand as time tracking apps allow you to track your work hours. A reliable time tracking application helps you concentrate on your work. You do not have to rely on your memory or break your workflow, as the time tracking app will do it for you.

We've added first-class Windows support to Grafana Agent

The Grafana Agent team is happy to announce that Grafana Agent 0.14.0-rc2 includes improved Windows support. Up until now, running Grafana Agent — our tool for gathering metrics, logs, and traces — in Windows was difficult and not well supported for Windows best practices. In short, it was not a good Windows citizen. In the new release candidate, we’re making changes to improve the experience, based on feedback from GitHub issues, customer contacts, and our own experience.

How attackers abuse Access Token Manipulation (ATT&CK T1134)

In our previous blog post on Windows access tokens for security practitioners, we covered: Having covered some of the key concepts in Windows security, we will now build on this knowledge and start to look at how attackers can abuse legitimate Windows functionality to move laterally and compromise Active Directory domains. This blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) where possible.

Monitoring critical windows services processes

Along with server performance metrics, such as CPU, disk, and memory usage, it is important to monitor the performance of each service and process running on the server to completely analyze the load on the system resources. This video shows how Site24x7 helps you achieve that. Say you're monitoring a Windows server with Site24x7. Along with tracking the performance metrics of the server, you can also track the performance of critical services like MySQL, Apache, and PostgreSQL, and processes like redis-server.exe.

Resource check profile - Monitor Windows event logs and Linux syslogs

Track server resources such as Windows event logs and Linux syslogs to monitor specific events and strengthen your server's security. Internet-facing systems constantly confront the risk of security hacks and data theft. While you're monitoring key performance metrics of your servers, keeping an eye out for security incidents is also necessary. This can be achieved through event log monitoring for Windows servers, and syslog monitoring for Linux servers.

What is Windows Virtual Desktop?

Microsoft released its desktop-as-a-service (DaaS) offering, WVD (Windows Virtual Desktop), to the general public in September 2019. The service runs on Azure and provides a multi-user version of Windows 10, a feature unavailable for on-premises deployments of Hyper-V. WVD is a free service for Microsoft customers with most types of Windows 10 Enterprise license; however, the subscription or PAYG Azure costs are additional, as are many components you may wish to add.