Detecting Security Incidents Using Windows Workstation Event Logs

  • Russ Anthony

Windows event logs can be an extremely valuable resource for detecting security incidents. While many companies collect logs from security devices and critical servers to comply with regulatory requirements, few collect them from their Windows workstations, and even fewer proactively analyze those logs. Collecting and analyzing workstation logs is critical because the initial compromise is increasingly happening at the workstation level. If we are to get better at detecting these initial compromises, it is imperative that we develop an efficient, common-sense approach to collecting and analyzing these events.
