Using Windows Security Events to Detect Intruders in Your Network

Presented by

Randy Franklin Smith (Windows Security expert), Chris Martin (Security Engineer), Caitlin NoePayne (LogRhythm Sr. TPM)

About this talk

Over time, any given computer on your network will establish a pattern of systems it does and doesn’t talk to. If you can properly baseline that behavior and detect when the computer deviates from normal activity, you can produce critical early warnings of a potential incident.

In this webcast, LogRhythm’s senior technical product manager, Caitlin NoePayne, and principal sales engineer, Chris Martin, join Randy Franklin Smith, Windows Security subject matter expert, to discuss detecting computers on your network talking for the first time using Windows Security Events. They will also demonstrate LogRhythm behavioral analytics rules and case management features that help analysts follow up on suspicious activity alerts.

Learn how to:
• Configure your audit policy to generate relevant security events
• Establish baseline behavior of the machines in your environment
• Monitor traffic patterns to detect an attacker embedded in your network using Windows Security Events
• Speed up investigation and response with Security Automation and Orchestration

Watch now to learn how to use Windows Security Events and LogRhythm to detect when two computers on your network talk to each other for the first time.
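The baseline-then-detect idea described above, as an added Python example that is not from the webcast or from LogRhythm. It assumes connection records exported from Windows Filtering Platform connection events (Event ID 5156, an assumption, since this page names no event ID); the records and the function names are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed sample records (time, SourceAddress, DestAddress, DestPort),
# shaped like fields of Event ID 5156. Not real log data.
EVENTS = [
    ("2024-05-01T09:00:00", "10.0.0.21", "10.0.0.5", 445),
    ("2024-05-02T09:05:00", "10.0.0.21", "10.0.0.5", 445),
    ("2024-05-02T10:00:00", "10.0.0.22", "10.0.0.5", 445),
    ("2024-05-03T11:00:00", "10.0.0.5", "10.0.0.21", 135),    # reverse direction, same pair
    ("2024-05-08T02:14:00", "10.0.0.21", "10.0.0.22", 445),   # two workstations, never seen together
    ("2024-05-08T02:15:00", "10.0.0.21", "10.0.0.22", 3389),  # same pair again
    ("2024-05-08T08:00:00", "10.0.0.21", "10.0.0.5", 445),    # pair already in the baseline
    ("2024-05-08T08:30:00", "10.0.0.40", "10.0.0.5", 445),    # host with no baseline history
    ("2024-05-08T08:31:00", "127.0.0.1", "127.0.0.1", 5985),  # loopback noise
]

def pair_key(src, dst):
    """Undirected host pair, so A->B and B->A are the same relationship."""
    return tuple(sorted((src, dst)))

def parse(events):
    """Yield parsed records, dropping loopback and self-connections."""
    for ts, src, dst, port in events:
        if ip_address(src).is_loopback or ip_address(dst).is_loopback or src == dst:
            continue
        yield datetime.fromisoformat(ts), src, dst, port

def first_contacts(events, baseline_end):
    """Learn host pairs seen before baseline_end, then report each new pair once."""
    cutoff = datetime.fromisoformat(baseline_end)
    known_pairs, known_hosts, alerts = set(), set(), []
    for when, src, dst, port in sorted(parse(events)):
        key = pair_key(src, dst)
        if when < cutoff:              # baseline window: learn, never alert
            known_pairs.add(key)
            known_hosts.update(key)
            continue
        if key in known_pairs:
            continue
        known_pairs.add(key)           # suppress repeat alerts for the same pair
        # A known host reaching a new peer differs from a host we never baselined.
        reason = "new_peer" if set(key) <= known_hosts else "unbaselined_host"
        alerts.append({"time": when.isoformat(), "src": src, "dst": dst,
                       "port": port, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in first_contacts(EVENTS, "2024-05-07T00:00:00"):
        print(alert)
```

Separating "new_peer" from "unbaselined_host" keeps newly deployed machines from drowning out the case of two long-known hosts talking for the first time.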

LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com