Intro So now that have means to track creation of the new user accounts on our endpoints we are going to create use case tracking deletion of the local user accounts. This use case is quite similar to the tracking...
Intro If you are anything like me, you would want to automate your work as much as possible. The average worker spends on average 11 hours a week when dealing with emails, imagine how much of this time is dedicated...
Intro This blog post kicks out the series of use cases that can be used to monitor user management on Windows platform. Most of the blue teamers know that unexpected changes in local users and their privileges serve as a...
Intro Hi, in this post we will try to deal with the basic monitoring of successfully established RDP connections to your endpoints. I will use ArcSight, however, general ideas are applicable to other SIEM out there. Events that matter When...
Intro We know that monitoring user endpoints is a big deal and sort of problematic. I think most would agree that the easiest and cheapest way right now to monitor Windows endpoints is via Windows Event Forwarding or (WEF) ....