TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1)

BHIS · 2025-09-17

ATT&CK techniques detected

2 predictions

T1654 Log Enumeration (90%)
“wrangling windows event logs with hayabusa & sof-elk (part 1) wrangling windows event logs with hayabusa & sof-elk (part 1) event logs are one of my favorite windows artifacts, but they are voluminous, and only a small percentage of events provide value during most securi…”

T1654 Log Enumeration (62%)
“hayabusa to reduce and prioritize our event analysis. we’ll get around 75% reduction in event-log entries in our hayabusa timeline output, which is hugely significant, but this still leaves us with tens of thousands of entries per endpoint. we can prioritize our investigatio…”

Summary

In part 1 of this post, we’ll discuss how Hayabusa and “Security Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) appeared first on Black Hills Information Security, Inc.