What’s New in the Windows 10 Security Log

Webinar Registration

I've been busy researching the changes to audit policy and the security log in Windows 10 and there's a lot of new stuff. I'll be updating the Security Log Encyclopedia to reflect these changes and I'm going to show you these changes live in this upcoming real training for free ™ webinar. Here's some of what to expect:

  • Microsoft has added a new “Audit Group Membership” subcategory to audit policy that documents all the groups a user belongs to at the moment of logon – whether an interactive logon to a workstation or a remote logon as to a file server. I'll discuss the interesting ways you can use this information to enhance your monitoring of different types of users.
  • The other new audit policy, “Audit PNP Activity” allows you to audit connection of external devices by the Windows plug and play system. We'll discuss ways to use this information.
  • Microsoft has new events and more fields to some existing events so that get additional useful information on activity like
    • Logons – these changes will help you filter out machine logons, identify privileged logons, track outbound logon attempts as different users and more
    • Process creation
    • Enumeration of the local SAM account database which can be useful for catching malware trying to pass-the-hash and extend their horizontal kill chain
    • Changes to Boot Configuration Database (BCD)

A lot of these changes are valuable enhancements that will help you catch endpoint security threats more effectively and that’s what I will focus on. I'll show you examples of these new events and point out the new fields in existing events.

LogRhythm, has agreed to sponsor this real training for free ™ session. LogRhythm has a major new version of their very cool SIEM out and Erick Ingleby will briefly show you what’s new in version 7.1 including the introduction of a new back-end technology for storing all log data that provides greater scalability, search performance, faster indexing rates, and enables new capabilities such as unstructured search against the full log message text.

This is an important event for staying up-to-date on Windows auditing that you won’t want to miss. Please register now!

First Name:  
Last Name:  
Work Email:  
Phone:
Organization:
Country:  
State:
Zip/Postal Code:
Job Title:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Upcoming Webinars
    Additional Resources