Windows Event IDs For Incident Response Cases

In this blog post we look at Windows Event IDs. When we analyse logs for incident response or threat hunting, we need to understand, interpret, annotate and map the attacker's activity, which means examining and investigating the logs in Splunk, ELK or whatever SIEM is in use. To map an attack during an investigation we need some knowledge of red team techniques and of the host-side artefacts they leave (processes, threads, socket connections), together with the Event IDs those actions generate and the sequence and timing in which they occur. Event IDs are therefore central to this work. The link below points to a page that lists the relevant Event IDs with their explanations.
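To make the sequence-and-timing point concrete, here is an added Python example (my own, not code from the original post or from the referenced page) that sorts a constructed set of Security/System events into a timeline and maps one Event ID sequence (4624 network logon, then 4672, then 7045 or 4688 on the same host within five minutes) to a remote-administration stage. The sample events, host names, user names and the five-minute window are assumptions for illustration; the Event ID meanings are the standard Windows ones.

```python
"""Added example: rebuild a time-ordered Windows event timeline and map an
Event ID sequence to an attack stage. Sample events are constructed, not
from any real incident; the correlation rule is a simple illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class WinEvent:
    time: datetime          # TimeCreated
    event_id: int           # Security/System channel Event ID
    host: str               # Computer that recorded the event
    data: dict = field(default_factory=dict)  # EventData fields


# Meaning of the IDs used below (Security log unless noted).
EVENT_MEANINGS = {
    4624: "An account was successfully logged on",
    4672: "Special privileges assigned to new logon",
    4688: "A new process has been created",
    7045: "A new service was installed (System log)",
}

# Constructed sample events, deliberately out of order, as a SIEM export might be.
SAMPLE_EVENTS = [
    WinEvent(datetime(2024, 3, 1, 10, 6, 0), 4688, "SRV01",
             {"SubjectUserName": "admin", "NewProcessName": r"C:\Windows\System32\cmd.exe"}),
    WinEvent(datetime(2024, 3, 1, 10, 0, 0), 4624, "WS01",
             {"TargetUserName": "alice", "LogonType": "2", "IpAddress": "-"}),
    WinEvent(datetime(2024, 3, 1, 10, 5, 1), 4672, "SRV01", {"SubjectUserName": "admin"}),
    WinEvent(datetime(2024, 3, 1, 10, 5, 0), 4624, "SRV01",
             {"TargetUserName": "admin", "LogonType": "3", "IpAddress": "10.0.0.5"}),
    WinEvent(datetime(2024, 3, 1, 10, 2, 0), 4688, "WS01",
             {"SubjectUserName": "alice", "NewProcessName": r"C:\Windows\System32\notepad.exe"}),
    WinEvent(datetime(2024, 3, 1, 10, 5, 30), 7045, "SRV01",
             {"ServiceName": "remotesvc", "ImagePath": r"C:\Windows\remotesvc.exe"}),
    WinEvent(datetime(2024, 3, 1, 11, 30, 0), 4624, "SRV02",
             {"TargetUserName": "bob", "LogonType": "3", "IpAddress": "10.0.0.7"}),
]


def build_timeline(events):
    """Sort by TimeCreated, then host, so Event ID sequences can be read in order."""
    return sorted(events, key=lambda e: (e.time, e.host, e.event_id))


def describe(event):
    """One timeline row: time, host, ID and its meaning."""
    meaning = EVENT_MEANINGS.get(event.event_id, "unknown")
    return f"{event.time.isoformat()} {event.host} {event.event_id} {meaning}"


def find_remote_admin_sequences(events, window=timedelta(minutes=5)):
    """Map a sequence to an attack stage: a network logon (4624, LogonType 3)
    followed on the same host, within `window`, by 4672 for the same account
    and then 7045 or 4688 (service installed / process started).
    Returns one finding per matching 4624."""
    timeline = build_timeline(events)
    findings = []
    for i, logon in enumerate(timeline):
        if logon.event_id != 4624 or logon.data.get("LogonType") != "3":
            continue
        user = logon.data.get("TargetUserName")
        seen = []
        for later in timeline[i + 1:]:
            if later.time - logon.time > window:
                break          # timeline is sorted, so nothing later can match
            if later.host != logon.host:
                continue
            if later.event_id == 4672 and later.data.get("SubjectUserName") == user:
                seen.append(later)
            elif later.event_id in (4688, 7045) and any(e.event_id == 4672 for e in seen):
                seen.append(later)
        has_priv = any(e.event_id == 4672 for e in seen)
        has_exec = any(e.event_id in (4688, 7045) for e in seen)
        if has_priv and has_exec:
            findings.append({
                "host": logon.host,
                "user": user,
                "source_ip": logon.data.get("IpAddress"),
                "start": logon.time,
                "event_ids": [logon.event_id] + [e.event_id for e in seen],
            })
    return findings


if __name__ == "__main__":
    for e in build_timeline(SAMPLE_EVENTS):
        print(describe(e))
    for f in find_remote_admin_sequences(SAMPLE_EVENTS):
        print("FINDING:", f)
```

Run as-is it prints the seven events in time order and one finding for SRV01 (4624, 4672, 7045, 4688 from 10.0.0.5 as admin); the interactive logon on WS01 and the lone network logon on SRV02 produce nothing. The same rule translates directly into a Splunk `transaction` or an ELK EQL sequence once the fields are mapped to your SIEM's schema.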

Reference: https://countuponsecurity.com/2015/11/25/digital-forensics-supertimeline-event-logs-part-ii/