Windows log analysis - PSJoshi/Notes GitHub Wiki

• NSA cybersecurity - https://github.com/nsacyber
• Retrieve definition of windows log messages from Windows binaries - https://github.com/nsacyber/Windows-Event-Log-Messages
• System log datasets for log analysis - https://github.com/logpai/loghub
• Unified host and network dataset - https://csr.lanl.gov/data/2017.html
• Data sources for cybersecurity research - http://statisticalcyber.com/talks/turcotte_slides.pdf

Windows event forwarding (WEF)

The following links explain how to collect Windows logs in a centralized way for its analysis.

• https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
• https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection
• https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/
• http://www.aspirantinfotech.com/sg/download/avecto/brochure/EventCentralization.pdf
• https://cryptome.org/2014/01/nsa-windows-event.pdf