Watch Top Windows Security Log Events for User Behavior Analysis in New Channel | Channify

In this webinar Randy Franklin Smith (of UWS) and Matt Willems (LogRhythm) work through the behavior and logs necessary to track for UEBA. With a focus on a very specific source of data – the Windows Security Log - this is in-depth knowledge. What types of behavior can you track for a user using the Windows security events? From domain controllers you can track: *When a user normally logs on *What computer the user authenticates from *What other computers they access If you collect more logs - and if you can correlate activity to the actual user identity behind the events - there’s much more behavior you can track: *Which websites does this user normally access? *What programs does this user normally run? *What other accounts does this user logon as? *What systems does this user access possibly under alternate credentials? *Which file shares does this user normally access?