Good resources on the Windows Event Log
A guy on YouTube who explains event logs well
https://www.youtube.com/watch?v=AWjFAMOJS58
The file he attached
https://docs.google.com/presentation/d/1qy3ykIc_UsA8bPit9iA98TEH_Tu--3hD/edit?pli=1#slide=id.p21
PowerPoint Event Viewer Tools for the IT Pro.pptx
A commercial product built on Windows event logs
https://www.youtube.com/watch?v=dcz0qAMFEbU
Windows event log guidelines
https://github.com/nsacyber/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber - nsacyber/Event-Forwarding-Guidance
Using Sysmon
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
Sysmon - Sysinternals
Monitors and reports key system activity via the Windows event log.
Setting the event log monitoring (audit) policy
Basic security audit policy settings - Windows 10
Basic security audit policy settings are found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.
learn.microsoft.com
Intrusion analysis using event logs
https://www.youtube.com/watch?v=MY_vOwO0EI4
Korea University lecture
https://www.youtube.com/watch?v=qNmFWC2Kuy0
Visualizing Sysmon data graphically
https://www.youtube.com/watch?v=Rln9-ig9xFw