TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)

BHIS · 2025-10-01

ATT&CK techniques detected

1 prediction
T1654 Log Enumeration
83%
“Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2). In Part 1, we used Hayabusa to reduce/refine Windows Event Logs from a single endpoint. Then we ingested that output into SOF-ELK for further an…”

Summary

But what if we need to wrangle Windows Event Logs for more than one system? In Part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)!

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc.