28 March, 2016 | Sarah Greesonbach

Plan Effective SIEM First, Compliance Second

Security information and event management (SIEM) is a major priority for large companies. It’s a reporting process that provides a holistic view of the health of an organization’s IT security as well as important details for various kinds of compliance regulations, including GLBA, PCI, FISMA,...
15 January, 2016 | Adam Bertram

How to Get User Logon Session Times from the Event Log

If you’re a knowledge worker, to be productive in a work environment, you’re probably going to need a user account. And you’re probably going to need to actually use this user account to login to your office and mobile devices. If you don’t, you’re probably not going to be working at that...
6 November, 2015 | Adam Bertram

Windows Event Log Forwarding in Windows Server 2008

I love Active Directory auditing. I love it because with just a couple clicks of the mouse I can easily create a policy that immediately gets applied to 500 servers that begins recording useful information on about everything that goes on involving those servers. What I hate about AD auditing is...
22 September, 2015 | Adam Bertram

Tracking Malicious Windows Server Events with PowerShell

Windows servers can potentially generate thousands—or even hundreds of thousands—of events daily. Most are created from perfectly safe events that system administrators use to get a glimpse of what’s going on. An event might be generated to indicate a disk is running out of free space, an...
16 July, 2015 | Adam Bertram

Easy Event Log Querying with PowerShell

If you’re using any kind of native Active Directory (AD) auditing today you probably love the information it generates in the security event log. Native AD auditing is awesome about generating loads of useful information as to what happened and when. The problem arises when you actually want to...
Show more articles