Expanded Library

Detecting Anomalies and Events with Winlogbeat

by Michael Edie

Winlogbeat is an open-source log collector that ships Windows Event Logs to Elasticsearch or Logstash. In this course, you will learn the setup, configuration, and validation of Winlogbeat in an enterprise environment.

What you'll learn

Centralized logging is a security best practice according to NIST and the Center for Internet Security. So, how can we aggregate Windows Security Event Logs for our Enterprise Windows Endpoints? In this course, Detecting Anomalies and Events with Winlogbeat, you’ll learn how to utilize Winlogbeat to secure a live enterprise environment. First, you’ll learn the Installation and setup of Winlogbeat. Next, you’ll explore some configuration best practices. Finally, you’ll discover how to validate event data to support incident monitoring and anomaly detection. When you’re finished with this course, you’ll have the skills and knowledge to detect threats in your network systems.

About the author

Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Consultant. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https:... more

Ready to upskill? Get started