An Inside Look: Top Windows Logs for User Behavior Analysis

Presented by

Randy Franklin Smith, Windows Security Expert (UWS); Matt Willems, Technical Product Manager (LogRhythm)

About this talk

User and entity behavior analytics (UEBA) and security information and event management (SIEM) are separate security solutions that can work together to detect shifts in behavior that indicate a compromise is occurring. UEBA is enhanced by leveraging the data collected and enriched by a SIEM, and SIEM capabilities are expanded by ingesting UEBA events for further correlation. One of the best ways to understand this symbiotic relationship is to take an actual source of security events and apply UEBA to it. In this on-demand webcast, Matt Willems, LogRhythm’s technical product manager, joins Ultimate Window Security’s Randy Franklin Smith to uncover the relationship between UEBA and SIEM — giving you an inside view of user behavior analysis in action. In this webcast, you’ll learn how to apply UEBA and SIEM using data from the Windows Security Log to track: - When a user normally logs on - The computer from which the user authenticates - Additional computers the user accesses The webcast identifies the most important events from the Windows Security Log for UEBA and the roles that generate them, as well as challenges in correlation. In addition, you’ll learn about alternative logs that augment user behavior analysis. Presenters will also cover: -Examples of identity construction from user identifiers such as Active Directory credentials and email addresses (both corporate and personal) -Dynamic baselining (i.e., what is normal in your environment vs. a threshold/whitelist/blacklist) -Two UEBA use cases: one that focuses on authentication from an abnormal location and another that highlights an unusual time/blacklisted location Watch the webcast to learn how to successfully apply UEBA to security events.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (94)
Subscribers (8147)
Notice: LogRhythm APJ channel has moved! Please note that this channel will not be updated with new content from 31 December 2020. We invite you to our new and improved LogRhythm channel, which can be accessed here: https://www.brighttalk.com/channel/12099/ At LogRhythm, we strive to provide our users and subscribers with the latest security tips & tricks available on-demand. Check out our latest talk: How to build an effective security program with limited resources: https://www.brighttalk.com/webcast/12099/460817