Operations | Monitoring | ITSM | DevOps | Cloud

One of the most prevalent log sources in many enterprises is Windows Event Logs. Being able to collect and process these logs has a huge impact on the effectiveness of any cybersecurity team. In this multi-part blog series, we will be looking at all things related to Windows Event Logs. We will begin our journey with audit policies and generating event logs, then move through collecting and analysing logs, and finally to building use cases such as detection rules, reports, and more.

Whether this is the third time you are looking at the MITRE Engenuity ATT&CK® evaluation results or your first, you may be asking yourself: what was unique about this year’s evaluation? Well, let’s first start with: who is MITRE Engenuity? They are a tech foundation that collaborates with the private sector on many initiatives — most notably cybersecurity — and in recent years have become synonymous with cyber threat evaluations.

Unify and contextualize your logs, metrics, application trace data, and availability data behind a single pane of glass. Elastic Observability provides a unified view into the health and performance of your entire digital ecosystem. With easy ingest of multiple kinds of data via pre-built collectors for hundreds of data sources, Elastic Observability delivers seamless integration between the facets of observability.

Our journey with Elastic began with a search for a single monitoring platform service for all kinds of applications and infrastructure across geographies and in the cloud. Like many other organizations who use Elastic, our story does not end there.

In our previous blog post on Windows access tokens for security practitioners, we covered: Having covered some of the key concepts in Windows security, we will now build on this knowledge and start to look at how attackers can abuse legitimate Windows functionality to move laterally and compromise Active Directory domains. This blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) where possible.

Creating dashboards is quicker and easier than before with a new streamlined navigation experience, now available in Kibana 7.12. This dashboard-first approach makes it simple for you to create and add visualizations without leaving your dashboard-building flow. Get started directly from a Kibana dashboard with a few simple steps: Select Create Panel and choose what type of visual you want to build.

We’re excited to announce that Elastic has been named a Visionary in the 2021 Gartner Magic Quadrant for Application Performance Monitoring. We are thrilled with the Visionary placement and believe that it validates our differentiated approach to delivering a modern application performance monitoring solution, powered by the Elastic Stack. Download the complimentary report to see how Gartner evaluates the market, and why they recognized Elastic as a Visionary in our first time participating.

“An adaptive business model that has employee experience at its core is the key to building business resilience, creating sustainable competitive advantage, and scaling effectively in times of disruption.” This is one of the key findings of a new commissioned study by Forrester Consulting, on behalf of Elastic.