Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
This repository hosts content for aiding administrators in collecting security relevant Windows event logs using Windows Event Forwarding (WEF). This repository is a companion to Spotting the Adversary with Windows Event Log Monitoring paper. The list of events in this repository are more up to date than those in the paper.
The repository contains:
See LICENSE.
See DISCLAIMER.