What You Need To Know About Windows Event IDs

There’s a treasure trove of rich security data in your Windows environment — you just need to know how to tap into it.

Enter Event IDs: Windows server logs that can tell you about a variety of security incidents, from pass the hash attacks to an attacker clearing logs to hide their tracks.

But monitoring every Event ID that comes through is a surefire way to waste time and resources. Blumira’s Matt Warner, CTO and Co-Founder, and Amanda Berlin, Lead Incident Detection Engineer, will explain how to use Event IDs to their fullest, so you can get visibility without getting bogged down in details. You’ll learn:

• Which Event IDs are most important to monitor — and why
• How Sysmon can richen your data even further
• How a SIEM eases the process of monitoring event logs 

This interactive, conversational-style session encourages questions and engagement with viewers – so sign up today for access to our security experts.

Participants

Matthew Warner, CTO and Co-Founder, Blumira

Matt is CTO and Co-Founder of Blumira, a leading cybersecurity provider of automated threat detection and response technology. At Blumira, he leads the security and engineering efforts to provide actionable insights into cybersecurity risks at scale. Matt has over 10 years of experience in IT and development, focusing on business strategy, development, compliance, threat detection and penetration testing. Previously, he was Director of Security Services, Development & Security at NetWorks Group, responsible for defensive information security and services.

Amanda Berlin, Lead Incident Detection Engineer

Based in Ohio, Amanda is a highly accomplished network defender well-regarded throughout the Midwest infosec community. As a Lead Incident Detection Engineer at Blumira, she specializes in threat detection research as well as SecOps. Amanda serves as the founder and CEO of Mental Health Hackers, a nonprofit dedicated to providing education and guidance to tech workers around mental health topics. Amanda is also the co-host of the Brakeing Down Security podcast. She is the author of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media.