An Inside Look: Top Windows Logs for User Behavior Analysis

Presented by

Randy Franklin Smith, Windows Security Expert (UWS); Matt Willems, Technical Product Manager (LogRhythm)

About this talk

User and entity behavior analytics (UEBA) and security information and event management (SIEM) are separate security solutions that can work together to detect shifts in behavior that indicate a compromise is occurring. UEBA is enhanced by leveraging the data collected and enriched by a SIEM, and SIEM capabilities are expanded by ingesting UEBA events for further correlation. One of the best ways to understand this symbiotic relationship is to take an actual source of security events and apply UEBA to it.

In this on-demand webcast, Matt Willems, LogRhythm’s technical product manager, joins Ultimate Windows Security’s Randy Franklin Smith to uncover the relationship between UEBA and SIEM, giving you an inside view of user behavior analysis in action. In this webcast, you’ll learn how to apply UEBA and SIEM using data from the Windows Security Log to track:

- When a user normally logs on
- The computer from which the user authenticates
- Additional computers the user accesses

The webcast identifies the most important events from the Windows Security Log for UEBA and the roles that generate them, as well as challenges in correlation. In addition, you’ll learn about alternative logs that augment user behavior analysis. Presenters will also cover:

- Examples of identity construction from user identifiers such as Active Directory credentials and email addresses (both corporate and personal)
- Dynamic baselining (i.e., what is normal in your environment vs. a threshold/whitelist/blacklist)
- Two UEBA use cases: one that focuses on authentication from an abnormal location and another that highlights an unusual time/blacklisted location

Watch the webcast to learn how to successfully apply UEBA to security events.
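The following is an added example, not code from the webcast, LogRhythm or the presenters, that illustrates the two ideas the abstract contrasts: a dynamic baseline (what is normal for each user, learned from the user's own past logons) versus a static blacklist. It assumes Windows Security Log logon events (event ID 4624, a successful logon) have already been parsed into dicts keyed by the event's own field names (TargetUserName, WorkstationName, IpAddress, LogonType); the sample records, the user names and the "blacklisted" network are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed training data: past 4624 (successful logon) events per user.
# Field names mirror the Windows event data; all values are invented.
BASELINE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2024-03-04T08:12:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-05T09:05:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-06T08:45:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-06T17:30:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-04T13:00:00", "TargetUserName": "bob",
     "WorkstationName": "WS-BOB", "IpAddress": "10.1.2.20", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-05T14:20:00", "TargetUserName": "bob",
     "WorkstationName": "WS-BOB", "IpAddress": "10.1.2.20", "LogonType": 2},
]

# Constructed events to score against the baseline. Includes a logoff (4634)
# and a machine-account logon (name ends in '$'), both of which are skipped.
NEW_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2024-03-07T08:30:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},   # normal
    {"EventID": 4624, "TimeCreated": "2024-03-07T03:15:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},   # odd hour
    {"EventID": 4624, "TimeCreated": "2024-03-07T09:10:00", "TargetUserName": "alice",
     "WorkstationName": "FILESRV01", "IpAddress": "10.1.5.20", "LogonType": 3},  # new host
    {"EventID": 4624, "TimeCreated": "2024-03-07T13:30:00", "TargetUserName": "bob",
     "WorkstationName": "WS-BOB", "IpAddress": "203.0.113.7", "LogonType": 10},  # blacklisted net
    {"EventID": 4624, "TimeCreated": "2024-03-07T10:00:00", "TargetUserName": "carol",
     "WorkstationName": "WS-CAROL", "IpAddress": "10.1.3.30", "LogonType": 2},   # unknown user
    {"EventID": 4634, "TimeCreated": "2024-03-07T18:00:00", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.1.1.10", "LogonType": 2},   # logoff, ignored
    {"EventID": 4624, "TimeCreated": "2024-03-07T18:05:00", "TargetUserName": "SRV01$",
     "WorkstationName": "SRV01", "IpAddress": "10.1.9.9", "LogonType": 3},       # machine acct
]

# Static rule for contrast with the dynamic baseline. The prefix is a constructed
# stand-in (TEST-NET-3) for a network the organisation does not allow logons from.
BLACKLISTED_PREFIXES = ("203.0.113.",)


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def user_logons(events):
    """Yield successful logons (4624) for human accounts; machine accounts end in '$'."""
    for ev in events:
        if ev["EventID"] == 4624 and not ev["TargetUserName"].endswith("$"):
            yield ev


def build_baseline(events):
    """Dynamic baseline: per user, the logon hours and source hosts seen so far."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for ev in user_logons(events):
        profile = baseline[ev["TargetUserName"]]
        profile["hours"].add(parse_ts(ev["TimeCreated"]).hour)
        profile["hosts"].add(ev["WorkstationName"])
    return dict(baseline)


def score_event(ev, baseline, blacklisted_prefixes=BLACKLISTED_PREFIXES):
    """Return the list of reasons an event deviates from normal (empty if none)."""
    reasons = []
    profile = baseline.get(ev["TargetUserName"])
    hour = parse_ts(ev["TimeCreated"]).hour
    if profile is None:
        reasons.append("no baseline for user")
    else:
        # Tolerate one hour either side so a slightly early start is not an alert.
        nearby = {(hour - 1) % 24, hour, (hour + 1) % 24}
        if not nearby & profile["hours"]:
            reasons.append("unusual logon hour")
        if ev["WorkstationName"] not in profile["hosts"]:
            reasons.append("new source host")
    if ev["IpAddress"].startswith(blacklisted_prefixes):
        reasons.append("blacklisted source network")
    return reasons


def analyze(events, baseline):
    """Score every qualifying event; return (user, time, reasons) for deviations only."""
    findings = []
    for ev in user_logons(events):
        reasons = score_event(ev, baseline)
        if reasons:
            findings.append((ev["TargetUserName"], ev["TimeCreated"], reasons))
    return findings


if __name__ == "__main__":
    for user, when, why in analyze(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(f"{when} {user}: {', '.join(why)}")
```

The contrast the abstract draws is visible in the output: the 03:15 logon and the logon from FILESRV01 trip only the learned per-user profile and would never match a fixed threshold or list, while the 203.0.113.7 logon trips only the static rule. A user with no history ("carol") is reported separately rather than silently treated as normal, which is the edge case a real baseline needs a policy for.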