Top Windows Security Logs for UEBA

Presented by

Randy Franklin Smith, Windows Security Expert (UWS); Matt Willems, Technical Product Manager (LogRhythm)

About this talk

User and entity behaviour analytics (UEBA) and security information and event management (SIEM) are separate security solutions that can work together to detect shifts in behaviour that indicate a compromise. UEBA is enhanced by the data a SIEM collects and enriches, and SIEM capabilities are expanded by ingesting UEBA events for further correlation. One of the best ways to understand this symbiotic relationship is to take an actual source of security events and apply UEBA to it.

In this on-demand webinar, Matt Willems, LogRhythm's technical product manager, joins Ultimate Windows Security's Randy Franklin Smith to uncover the relationship between UEBA and SIEM, giving you an inside view of user behaviour analysis in action. You'll learn how to apply UEBA and SIEM using data from the Windows Security Log to track:

- When a user normally logs on
- The computer from which the user authenticates
- Additional computers the user accesses

The webinar identifies the most important events from the Windows Security Log for UEBA and the roles that generate them, as well as challenges in correlation. In addition, you'll learn about alternative logs that augment user behaviour analysis. Presenters will also cover:

- Examples of identity construction from user identifiers such as Active Directory credentials and email addresses (both corporate and personal)
- Dynamic baselining (i.e., what is normal in your environment vs. a threshold/whitelist/blacklist)
- Two UEBA use cases: one that focuses on authentication from an abnormal location and another that highlights an unusual time/blacklisted location

Watch the webinar to learn how to successfully apply UEBA to security events.
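The three things the description says UEBA tracks from the Windows Security Log (when a user normally logs on, the computer they authenticate from, and the additional computers they reach), together with the contrast between a dynamic per-user baseline and a static blacklist, can be shown in a short script. The following is an added example, not code from the webinar, from LogRhythm or from Ultimate Windows Security. The record fields are modelled on the Windows successful-logon event (ID 4624), which the page itself does not name, and every user, hostname, timestamp and blacklist entry is constructed for illustration.

```python
"""Per-user baseline and deviation check over Windows Security Log logon records.

Added example; all data below is constructed and the event layout is an
assumption modelled on event ID 4624 (successful logon).
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed history of successful logons. Each record keeps the 4624 fields
# that matter for behaviour analysis: who logged on, from which workstation,
# to which host, and when. In practice these come from the SIEM's parsed events.
HISTORY = [
    {"time": "2024-03-04T08:55:00", "user": "alice", "source": "WS-ALICE", "target": "FILESRV01"},
    {"time": "2024-03-04T09:20:00", "user": "alice", "source": "WS-ALICE", "target": "MAIL01"},
    {"time": "2024-03-05T08:40:00", "user": "alice", "source": "WS-ALICE", "target": "FILESRV01"},
    {"time": "2024-03-05T17:05:00", "user": "alice", "source": "WS-ALICE", "target": "FILESRV01"},
    {"time": "2024-03-06T09:02:00", "user": "alice", "source": "WS-ALICE", "target": "MAIL01"},
    {"time": "2024-03-04T07:30:00", "user": "bob",   "source": "WS-BOB",   "target": "FILESRV01"},
    {"time": "2024-03-05T12:15:00", "user": "bob",   "source": "WS-BOB",   "target": "FILESRV01"},
    {"time": "2024-03-06T18:45:00", "user": "bob",   "source": "WS-BOB",   "target": "FILESRV01"},
]

# Constructed logons to evaluate against the baseline built from HISTORY.
NEW_LOGONS = [
    {"time": "2024-03-07T09:10:00", "user": "alice", "source": "WS-ALICE",    "target": "FILESRV01"},
    {"time": "2024-03-07T03:12:00", "user": "alice", "source": "WS-ALICE",    "target": "FILESRV01"},
    {"time": "2024-03-07T09:00:00", "user": "alice", "source": "KIOSK-LOBBY", "target": "DC01"},
    {"time": "2024-03-07T12:00:00", "user": "bob",   "source": "VPN-GUEST",   "target": "FILESRV01"},
    {"time": "2024-03-07T11:00:00", "user": "carol", "source": "WS-CAROL",    "target": "FILESRV01"},
]

# Static list: source hosts that are never acceptable regardless of baseline (constructed).
BLACKLISTED_SOURCES = frozenset({"VPN-GUEST"})


def _hour(record):
    """Hour of day of the logon, taken from the ISO-8601 timestamp."""
    return datetime.fromisoformat(record["time"]).hour


def build_baseline(records):
    """Derive each user's 'normal' from their own history: the workstations
    they log on from, the hosts they reach, and the hours they are active.
    This is the dynamic baseline; nothing here is a fixed threshold."""
    baseline = defaultdict(lambda: {"sources": set(), "targets": set(), "hours": Counter()})
    for r in records:
        b = baseline[r["user"]]
        b["sources"].add(r["source"])
        b["targets"].add(r["target"])
        b["hours"][_hour(r)] += 1
    return dict(baseline)


def score_logon(record, baseline, blacklist=frozenset()):
    """Return the list of deviations for one logon; an empty list means normal."""
    reasons = []
    # Static control first: a blacklisted source is reported even for known users.
    if record["source"] in blacklist:
        reasons.append("blacklisted_source")
    user = baseline.get(record["user"])
    if user is None:
        # No history for this identity: cannot judge, so surface it explicitly.
        reasons.append("no_baseline")
        return reasons
    if record["source"] not in user["sources"]:
        reasons.append("new_source_host")
    if record["target"] not in user["targets"]:
        reasons.append("new_target_host")
    # An hour never seen in the user's own history counts as unusual. With a
    # longer history a frequency cut-off would replace this 'never seen' rule.
    if _hour(record) not in user["hours"]:
        reasons.append("unusual_hour")
    return reasons


def detect(history, new_logons, blacklist=frozenset()):
    """Build the baseline from history and score each new logon against it."""
    baseline = build_baseline(history)
    return [(r, score_logon(r, baseline, blacklist)) for r in new_logons]


if __name__ == "__main__":
    for record, reasons in detect(HISTORY, NEW_LOGONS, BLACKLISTED_SOURCES):
        status = ", ".join(reasons) if reasons else "normal"
        print(f"{record['time']} {record['user']:<6} {record['source']:<12} -> "
              f"{record['target']:<10} {status}")
```

The point of splitting `build_baseline` from `score_logon` is that the baseline is recomputed from the user's own events, so what counts as "normal" moves with the environment, while the blacklist stays a fixed list applied on top. An identity with no history is reported as such rather than silently passed, since a never-before-seen account authenticating is itself worth a look.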
