Important Windows event logs for monitoring and analysis:
4688: A new process has been created
5156: The Windows Filtering Platform has allowed connection
7045: A service was installed in the system
4657: A registry value was modified
4660: An object was deleted
4663: An attempt was made to access, modify, or delete an object
7036: A service has entered the stopped state
7040: A service was disabled
#SOC
#EventID
@Engineer_Computer
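A quick way to pull the event IDs listed above for triage, as an added example (not from the original post). It assumes an elevated PowerShell prompt (the Security log is not readable by standard users) and that the relevant audit policies are enabled: 4688 needs Audit Process Creation, and 5156 needs Audit Filtering Platform Connection, which is very noisy. Security-log IDs and System-log IDs live in different channels, so they are queried separately. The 24-hour window is an arbitrary choice.

```powershell
# Added example: query the monitored event IDs from the last 24 hours.
# Security-log and System-log IDs are separate channels, so two queries are needed.
$since = (Get-Date).AddHours(-24)

$securityIds = 4688, 5156, 4657, 4660, 4663   # Security log
$systemIds   = 7045, 7036, 7040               # System log (Service Control Manager)

$events = @()
# -ErrorAction SilentlyContinue: Get-WinEvent throws when no events match
$events += Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $securityIds; StartTime = $since } -ErrorAction SilentlyContinue
$events += Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = $systemIds;   StartTime = $since } -ErrorAction SilentlyContinue

# Volume per event ID: a sudden burst of 7045 (service installs) or 7040 (services disabled)
# is worth a closer look even before reading individual messages
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count

# Newest 20 events with the first line of the message for quick review
$events | Sort-Object TimeCreated -Descending | Select-Object -First 20 `
    TimeCreated, Id, ProviderName, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

Note that 4688 only records the process command line if "Include command line in process creation events" is enabled in Group Policy; without it the event shows the image path but not the arguments, which limits its value for detection.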
🔏SOC Multi Tool🔏
Chrome Extension for quick:
IP/Domain Reputation Lookup
IP/ Domain Info Lookup
Hash Reputation Lookup
Decoding of Base64 & HEX using CyberChef
File Extension & Filename Lookup
and more (view pic)
https://chrome.google.com/webstore/detail/soc-multi-tool/diagjgnagmnjdfnfcciocmjcllacgkab/
#SOC
#EventID
@Engineer_Computer
🔒 Enhancing Cyber Defense with Windows Security Event Logs 🔍📊
#EventId
#Book
#security
@Engineer_Computer