Windows event logs are a tool that every cybersecurity and IT professional should have in his or her arsenal. They can be used locally for troubleshooting or centralized for network awareness. When utilized centrally, powerful software known as a Security Information Event Management (SIEM) can be utilized to parse and search log files. But what if you are working locally? Is there an efficient method to do the same? You will find the answer to these questions lies in Microsoft’s most powerful tool belt, Microsoft PowerShell.
It’s been predicted for years that most computers will run in the cloud and your screen will be the only connection between you and the cloud. Does that mean the business infrastructures will matter anymore, and what does that mean for the future of network monitoring?
Improper configuration changes to a network—or even just one server on a network—can cause huge issues. They can degrade network performance, shut down key services, and even result in noncompliance with regulatory standards like SOX, PCI, HIPAA and FISMA. And they can compromise network security.
Often perceived as a precursor to Industry 4.0, the rollout of 5G, if the marketing is to be believed, will allow innovations that were previously restricted or unreliable due to lack of bandwidth. Speeds of up to 10Gbps are promised by telecom companies but since we have yet to experience real-life usage scenarios, this is mere speculation.
Here’s a familiar refrain in IT media: Today’s corporate networks are much different than they were 10, five, or even two years ago. It’s cliched, but it’s true: Modern IT networks are bigger, messier, and more dynamic than they used to be. For system and network administrators, that means it’s now a lot more difficult to keep track of what’s connected to your network.
If you’ve ever said that or even thought it, then you know exactly how much fun taking inventory is. Or is not, rather. Every industry requires periodic asset inventory – that’s just a fact of life.
One of the more disheartening aspects of log collection within the Windows Operating system are the limited number of out of the box events related to security. It is often desirable to capture any unknown or malicious running processes, capture the source process for outbound connections, identify modifications to files and the registry, and to capture command and PowerShell commands that are run on a particular endpoint. Luckily for systems administrators, Microsoft provides a great tool for this type of log capture within the SysInternals suite called system monitor, or Sysmon.
Your network is a living, breathing entity. Like a living body or an organic brain, it’s constantly moving things around and changing from moment to moment. Every single individual part is in continuous contact with and reacting to every other part. The job of your monitoring tool is to track all of this.
If you are a systems administrator or a security engineer, it is probable you have a requirement to filter and forward Windows event logs either directly or hierarchically. There are many alternatives available to accomplish this goal, one of which is Windows Event Forwarding (WEF). In this article, you will learn to configure a simple source initiated WEF subscription which utilizes the HTTP protocol to forward events between a client and a collector in a single domain.
Everyone and everything in our modern connected world uses bandwidth. The pipes are now far bigger than the old 56kbps dial-up speeds most of the world endured once upon a time, so bandwidth is usually not seen as an issue by the vast majority of network users. Well, not until there’s a problem, that is.