Process creation and termination are critical events for both legitimate and malicious processes. This week's #techtalktuesday walks through Windows' process creation and termination events, how to enable them, and some of the ways you might use these events to find attackers in your environment while you are threat hunting, performing incident response, or expanding the visibility of your cyber security program.
Please like and subscribe to support our channel!
Follow us on Twitter: [ Link ]
Follow us on LinkedIn: [ Link ]
Hire us for your next threat hunt: [ Link ]
Chapters:
00:00 - Intro
00:43 - Overview of Windows' Advanced Security Audit Policy
01:37 - How to Enable Process Creation and Termination Event Logging
03:02 - Diving into Process Creation Event ID 4688
04:36 - Diving into Process Termination Event ID 4688
06:13 - Wrapping Up