There are many references to Windows Advanced logging. [1] [2]. Windows has some great built-in capabilities for detecting abuse — capabilities and SureLog implemented those referances and this is the fastest way to hunt windows endpoints. Everyting is ready as a reports and correlation rules in SureLog
The default Windows settings provide only a subset of the desired logging events that assist in detecting and investigating malicious activity. SureLog predefined reports cover the event categories that will significantly enhance technical analysis.
Samples of SureLog Predefined Windows Reports:
SureLog covers all the reports in [2] and more than 100+ predefined reports for windows event log analysis. Security admins also get statistical reports from those predefined reports and available reports will be more than 1000+ like:
References:
1-https://www.malwarearchaeology.com/cheat-sheets/
2-https://www.acsc.gov.au/publications/protect/Windows_Event_Logging_Technical_Guidance.pdf
