Understanding Windows Logging

by Ricky Magalhaes
Sept. 1, 2017, TechGenix

Logging is an underused tool on most Windows networks. It is mostly used in a crisis, to rectify events that have already taken place and were not preempted. There are several reasons for this. First, there are vast amounts of data to get through, and because it may not be logistically viable to inspect every log on a vast network manually, this aspect is neglected. Applications are available that consolidate logs into a central place, but what is needed is some form of artificial intelligence to lessen the burden. By this I mean a filter that extracts only the pertinent information required to understand what is happening on the network. Furthermore, logs get full, and the fact that the logs are being stored on remote machines compounds the issue: no one inspects them, and this presents a risk, as the resident user or a remote intruder can wipe out the log, removing their traces and leaving the security professional with no tracks to follow. Intelligent appl...
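The filter and the log-wiping risk described above, as an added example that is not part of the original article: it reduces consolidated events to the few worth reading and flags a cleared log or missing records. The record layout, the watch list and the sample events are assumptions constructed for illustration; event IDs 1102 and 104 are the Windows "log was cleared" events.

```python
# Added example. Field names are an assumed export layout for a central collector.
LOG_CLEARED = {("Security", 1102), ("System", 104)}  # Windows "log was cleared" events
PERTINENT = {4625: "failed logon", 4720: "user account created"}  # assumed watch list

# Constructed sample events, not taken from a real network.
SAMPLE_EVENTS = [
    {"host": "WS01", "channel": "Security", "record_id": 501, "event_id": 4624},
    {"host": "WS01", "channel": "Security", "record_id": 502, "event_id": 4625},
    {"host": "WS01", "channel": "Security", "record_id": 503, "event_id": 4625},
    {"host": "WS01", "channel": "Security", "record_id": 504, "event_id": 1102},
    {"host": "WS02", "channel": "Security", "record_id": 880, "event_id": 4624},
    {"host": "WS02", "channel": "Security", "record_id": 884, "event_id": 4720},
    {"host": "WS02", "channel": "System", "record_id": 41, "event_id": 7036},
    {"host": "WS02", "channel": "System", "record_id": 42, "event_id": 104},
]


def triage(events):
    """Return (host, channel, record_id, reason) for events worth a human look."""
    findings = []
    last_record = {}  # highest record id seen so far per (host, channel)
    ordered = sorted(events, key=lambda e: (e["host"], e["channel"], e["record_id"]))
    for ev in ordered:
        log = (ev["host"], ev["channel"])
        prev = last_record.get(log)
        # A jump in record ids means the collector never received some events.
        if prev is not None and ev["record_id"] > prev + 1:
            findings.append((*log, ev["record_id"], f"records missing after {prev}"))
        last_record[log] = ev["record_id"]
        if (ev["channel"], ev["event_id"]) in LOG_CLEARED:
            findings.append((*log, ev["record_id"], "log cleared"))
        elif ev["event_id"] in PERTINENT:
            findings.append((*log, ev["record_id"], PERTINENT[ev["event_id"]]))
        # Everything else (routine logons, service state changes) is dropped.
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

Because the events are copied off the originating machine before they are examined, a wiped local log still leaves the 1102 or 104 record, and everything before it, at the collector.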