Sep 23 2022

Diving Deeper to Understand the Windows Event logs for Cyber Security Operation Center (SOC)

Category: Security Operations Center. DISC @ 9:02 am

A cyber security operations center protects organizations and the sensitive business data of their customers. It provides active monitoring of valuable business assets: visibility, alerting, investigation of threats, and a holistic approach to managing risk.

The analytics service can be in-house or a managed security service. Collecting event logs and analyzing them against real-world attacks is the heart of the security operations center.

Events – Security operations center

Events are generated by systems as error codes; devices generate events recording the success or failure of their normal functions, so event logging plays an important role in detecting threats. An organization runs many systems of many flavors: Windows, Linux, firewalls, IDS, IPS, proxies, NetFlow, ODBC, AWS, VMware, etc.

These devices record attackers' footprints as logs and forward them to SIEM tools for analysis. In this article we will see how events are pushed to a log collector. To learn more about Windows events and event IDs, refer here.

Log Collector

It is a centralized server that receives logs from any device. Here I have deployed the Snare Agent on a Windows 10 machine, so we will collect Windows event logs and detect attacks against the Windows 10 machine using the Snare Agent.

Snare is a SIEM (Security Incident and Event Management) solution for log collection and event analysis on various operating systems (Windows, Linux, Apple OS X), and it also supports a database agent for MSSQL events generated by Microsoft SQL Server. It is available as both Enterprise and open-source agents.
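As an added illustration of the success/failure events described above (example code, not from the original post or from Snare): the script parses constructed Windows Security event records in the standard Event XML shape, using event IDs 4624 (successful logon) and 4625 (failed logon), and flags any source that fails logon repeatedly within a minute, the kind of rule a SOC runs over collected logs. The host name, user names and IP addresses are made up.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Template in the Windows Event XML shape; every value filled in below is constructed.
TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="Microsoft-Windows-Security-Auditing"/>'
    "<EventID>{eid}</EventID>"
    '<TimeCreated SystemTime="{ts}Z"/><Computer>WIN10-LAB</Computer></System>'
    '<EventData><Data Name="TargetUserName">{user}</Data>'
    '<Data Name="IpAddress">{ip}</Data></EventData></Event>'
)

# Constructed sample: five failed logons (4625) from one source within 40 seconds,
# one stray failure from another source, then a successful logon (4624) from the first.
SAMPLE_EVENTS = [
    TEMPLATE.format(eid=4625, ts=f"2022-09-23T09:02:{s:02d}", user="alice", ip="203.0.113.7")
    for s in range(0, 50, 10)
] + [
    TEMPLATE.format(eid=4625, ts="2022-09-23T09:03:00", user="bob", ip="198.51.100.9"),
    TEMPLATE.format(eid=4624, ts="2022-09-23T09:03:05", user="alice", ip="203.0.113.7"),
]

def parse_event(xml_text):
    """Return (timestamp, event_id, target_user, source_ip) from one event record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.find("e:EventID", NS).text)
    stamp = system.find("e:TimeCreated", NS).get("SystemTime").rstrip("Z")
    data = {d.get("Name"): d.text for d in root.find("e:EventData", NS)}
    return datetime.fromisoformat(stamp), event_id, data.get("TargetUserName"), data.get("IpAddress")

def detect_failed_logon_bursts(records, threshold=5, window=timedelta(minutes=1)):
    """Alert on source IPs with >= threshold failed logons inside `window`; also note
    whether a successful logon from the same source followed (a stronger signal)."""
    events = sorted((parse_event(r) for r in records), key=lambda e: e[0])
    recent_failures = defaultdict(list)
    alerts = {}
    for stamp, event_id, _user, ip in events:
        if event_id == 4625:
            # Keep only failures still inside the sliding window, then add this one.
            recent_failures[ip] = [t for t in recent_failures[ip] if stamp - t <= window]
            recent_failures[ip].append(stamp)
            if len(recent_failures[ip]) >= threshold:
                alerts.setdefault(ip, {"failures": len(recent_failures[ip]), "success_after": False})
        elif event_id == 4624 and ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts
```

Running `detect_failed_logon_bursts(SAMPLE_EVENTS)` reports only 203.0.113.7, with five failures and a success following.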

Windows Event logs

Snare Installation

The Snare Agents are issued both as a free open-source download, Snare Lite, and as a commercially supported Enterprise Edition.
