I'm researching the Windows event log. I'm still learning; here is a summary for those of you who want to work on the blue team side: forensics, threat hunting, SIEM.
What is the Windows event log?
The Windows event log is an in-depth record of events related to the system, security, and applications, stored on a Windows operating system. Event logs can be used to track system and some application issues and to forecast future problems.
Audit security: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/view-the-security-event-log
Export log (evtx)
https://www.ibm.com/support/pages/exporting-windows-event-logs-event-viewer
[+] Download: Windows security event log and audit
https://www.microsoft.com/en-us/download/confirmation.aspx?id=50034
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/
Learn More
https://www.solarwinds.com/resources/it-glossary/windows-event-log
https://www.esecurityplanet.com/threats/hackers-exploit-windows-event-logs/
https://www.bleepingcomputer.com/news/security/hackers-are-now-hiding-malware-in-windows-event-logs/
https://blueteamblog.com/threat-hunting-with-windows-security-event-logs
Tools and Dataset
https://github.com/Jieyab89/Grafiki
https://github.com/Jieyab89/evtx
https://github.com/Jieyab89/EVTX-to-MITRE-Attack
Result dataset
*Beware when clicking the links!
If you have more knowledge, you can comment on this post and add more resources for my learning path. Thanks all, CMIW
How do you parse it to JSON? Is there an API?
I use the evtx parser tool available on GitHub, or you can make one yourself in Python using the evtx lib https://pypi.org/project/evtx2es/ . I don't know much about Python.
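As an added example (not code from the original post or from any of the linked tools), here is what the "parse to JSON" step looks like once an evtx tool has given you each record as XML: the script below converts Windows event XML into flat JSON lines for SIEM ingestion, then counts events by EventID and flags two things a defender looks for in the Security channel, an audit log cleared (1102) and repeated failed logons (4625) from one source. It uses only the Python standard library. The sample records are constructed for this example and are not real logs; the threshold of three failed logons and the field names are assumptions for illustration.

```python
import json
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace used by every Windows event record
NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = "{" + NS_URI + "}"

# Security-channel event IDs worth watching (well-known IDs)
WATCHED_EVENT_IDS = {4624: "successful logon", 4625: "failed logon", 1102: "audit log cleared"}
FAILED_LOGON_THRESHOLD = 3  # assumption for this example, tune per environment


def _sample_record(event_id, record_id, system_time, computer, data):
    """Build one constructed record in the XML schema evtx tools emit (sample data, not real logs)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{NS_URI}"><System>'
        f'<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f"<EventID>{event_id}</EventID>"
        f'<TimeCreated SystemTime="{system_time}"/>'
        f"<EventRecordID>{record_id}</EventRecordID>"
        f"<Channel>Security</Channel><Computer>{computer}</Computer></System>"
        f"<EventData>{fields}</EventData></Event>"
    )


# Constructed sample input: three failed logons from one source, one success, one log clear
SAMPLE_RECORDS = [
    _sample_record(4625, 1001, "2024-01-01T10:00:01Z", "WS01", {"TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": "3"}),
    _sample_record(4625, 1002, "2024-01-01T10:00:02Z", "WS01", {"TargetUserName": "bob", "IpAddress": "10.0.0.5", "LogonType": "3"}),
    _sample_record(4625, 1003, "2024-01-01T10:00:03Z", "WS01", {"TargetUserName": "admin", "IpAddress": "10.0.0.5", "LogonType": "3"}),
    _sample_record(4624, 1004, "2024-01-01T10:00:10Z", "WS01", {"TargetUserName": "alice", "IpAddress": "10.0.0.9", "LogonType": "2"}),
    _sample_record(1102, 1005, "2024-01-01T10:05:00Z", "WS01", {"SubjectUserName": "alice"}),
]


def parse_event(xml_text):
    """Convert one event record's XML into a flat, JSON-friendly dict."""
    root = ET.fromstring(xml_text)
    system = root.find(f"{NS}System")
    event = {
        "EventID": int(system.findtext(f"{NS}EventID")),
        "TimeCreated": system.find(f"{NS}TimeCreated").get("SystemTime"),
        "EventRecordID": int(system.findtext(f"{NS}EventRecordID")),
        "Channel": system.findtext(f"{NS}Channel"),
        "Computer": system.findtext(f"{NS}Computer"),
        "Provider": system.find(f"{NS}Provider").get("Name"),
    }
    # Named <Data> children become key/value pairs; records without EventData get an empty map
    fields = {}
    event_data = root.find(f"{NS}EventData")
    if event_data is not None:
        for data in event_data.findall(f"{NS}Data"):
            name = data.get("Name")
            if name:
                fields[name] = data.text or ""
    event["EventData"] = fields
    return event


def to_json_lines(xml_records):
    """One JSON object per line, the shape most SIEM collectors ingest."""
    return "\n".join(json.dumps(parse_event(x), sort_keys=True) for x in xml_records)


def summarize(events):
    """Count events by ID and flag records a defender would look at first."""
    counts = Counter(e["EventID"] for e in events)
    findings = []
    for e in events:
        if e["EventID"] == 1102:
            findings.append(f"{e['TimeCreated']} {e['Computer']}: audit log cleared (1102)")
    failed_by_source = Counter(e["EventData"].get("IpAddress", "-") for e in events if e["EventID"] == 4625)
    for source, n in failed_by_source.items():
        if n >= FAILED_LOGON_THRESHOLD:
            findings.append(f"{n} failed logons (4625) from {source}")
    return counts, findings


if __name__ == "__main__":
    print(to_json_lines(SAMPLE_RECORDS))
    counts, findings = summarize([parse_event(x) for x in SAMPLE_RECORDS])
    for event_id, n in sorted(counts.items()):
        print(f"EventID {event_id} ({WATCHED_EVENT_IDS.get(event_id, 'other')}): {n}")
    for f in findings:
        print("FINDING:", f)
```

In practice you would feed `parse_event` with the XML each record that an evtx parser yields, and the JSON lines can go straight into a SIEM or a file for further hunting; the summary step is deliberately simple so the logic is easy to extend with other event IDs.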
Thanks mate