One of the building blocks of system and network monitoring is watching the logs. IIS logs are one of the best places to keep track of access and availability of your web apps, but by default don’t really give you any actionable information for security. Let’s walk through how to
Tag: SIEM
Windows Event Forwarding – Intro
The built-in functionality of Windows Event Forwarding is pretty powerful, if a little awkward to set up. I’ll be putting together a series of posts walking through my own setup and hopefully it will save someone the missteps I made initially. WEF allows for a machine to forward its