IBM Security QRadar


Securing Windows End Points: Windows Logs, Sysmon and QRadar Webinar (On-Demand Recording)

  • 1.  Securing Windows End Points: Windows Logs, Sysmon and QRadar Webinar (On-Demand Recording)

    Posted Tue May 10, 2022 02:25 PM
    Edited by Wendy Batten Tue May 10, 2022 03:04 PM
    Summary

    None would argue that Windows systems can use all the protection we can give them. Not only are they under constant attack, but new vulnerabilities are also discovered much too frequently.

    Standard Windows logs have become better and QRadar has free rules that can detect many attacks. If you enhance those Windows logs with the free Sysmon from Microsoft, QRadar can do real wonders in detecting sophisticated and obfuscated attacks.

    To prove this, I have pulled two of the developers of those rules (Gladys Koskas and Mo) who are going to show concrete examples of that detection. Also, I have lined up a WinCollect developer (Josh Ryan) who is going to show how easy it is to set WinCollect to send only significant Sysmon logs to QRadar with minimal EPS impact. After that, we will have two engineers (Kevin and Stephen) from one QRadar customer sharing how these technologies have enabled them to uncover bad guys while trying.

    We will close the session with 15 minutes for you to ask questions to these distinguished professionals.

    Please join us in this on-demand recording. Share your questions below and to watch them here.

    ------------------------------
    Jose Bravo
    ------------------------------