Windows log analysis - PSJoshi/Notes GitHub Wiki
- NSA cybersecurity - https://github.com/nsacyber
- Retrieve definitions of Windows event log messages from Windows binaries - https://github.com/nsacyber/Windows-Event-Log-Messages
- System log datasets for log analysis - https://github.com/logpai/loghub
- Unified host and network dataset - https://csr.lanl.gov/data/2017.html
- Data sources for cybersecurity research - http://statisticalcyber.com/talks/turcotte_slides.pdf
Windows event forwarding (WEF)
The following links explain how to collect Windows logs centrally with Windows Event Forwarding (WEF) so they can be analysed in one place, without an agent on the source hosts.
- https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
- https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection
- https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/
- http://www.aspirantinfotech.com/sg/download/avecto/brochure/EventCentralization.pdf
- https://cryptome.org/2014/01/nsa-windows-event.pdf
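The links above describe the setup in prose; as an added example (not code from the wiki or from any of the linked documents), the script below walks through a minimal source-initiated WEF deployment in PowerShell: collector configuration, a subscription that pulls a handful of high-value Security events, the client-side policy value that a GPO would normally set, and a first query over the ForwardedEvents log. The collector host name `wec01.corp.example`, the subscription name `Security-Logons`, the chosen event IDs and the batching and heartbeat values are assumptions for illustration.

```powershell
# Added example (not from the original wiki page or the linked articles).
# Assumptions: collector is wec01.corp.example, all hosts are domain members,
# everything below is run from an elevated PowerShell prompt.

# ---- 1. Collector: enable the Windows Event Collector service ----------------
wecutil qc /q   # quick-config: starts wecsvc, sets it to delayed auto-start

# Source-initiated subscription: clients push events over WinRM (HTTP/5985,
# Kerberos-authenticated and message-encrypted inside a domain). Only the
# events listed in the XPath query are forwarded, which keeps volume down.
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Security-Logons</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logon, privilege and account-management events (assumed selection)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching><MaxLatencyTime>30000</MaxLatencyTime></Batching>
    <PushSettings><Heartbeat Interval="3600000"/></PushSettings>
  </Delivery>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Security">
          <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4672 or EventID=4720 or EventID=4728)]]</Select>
          <Select Path="Security">*[System[EventID=1102]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- SDDL: allow Domain Computers (DC) and Domain Controllers (DD) to forward -->
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)(A;;GA;;;DD)</AllowedSourceDomainComputers>
</Subscription>
'@

$xmlPath = Join-Path $env:TEMP 'Security-Logons.xml'
Set-Content -Path $xmlPath -Value $subscriptionXml -Encoding UTF8
wecutil cs $xmlPath                 # create the subscription
wecutil gr Security-Logons          # runtime status: which sources have connected

# ---- 2. Each source host (normally done once via GPO, shown here per host) ---
# The GPO "Configure target Subscription Manager" writes this registry value.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $policyKey -Force | Out-Null
New-ItemProperty -Path $policyKey -Name '1' -PropertyType String -Force `
    -Value 'Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60' | Out-Null

# WinRM must be listening; the forwarder runs inside the WinRM service.
winrm quickconfig -q
Set-Service -Name WinRM -StartupType Automatic

# The forwarder runs as NETWORK SERVICE, which cannot read the Security log by
# default. Membership in Event Log Readers grants read access; the service must
# be restarted so its token picks up the new group.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE'
Restart-Service WinRM

# ---- 3. Collector: first analysis over what has arrived ----------------------
# Failed logons (4625) per source host, most noisy first. Host and user fields
# come from the forwarded event, so the collector sees the original origin.
Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = 4625 } -MaxEvents 500 |
    Group-Object MachineName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Two practical checks: `wecutil gr Security-Logons` on the collector shows each source as Active only after the client's policy refresh interval (60 s here) has elapsed and WinRM on the client has a valid Kerberos path to the collector; and the 4625 query returning nothing usually means the Security log is not readable by NETWORK SERVICE on the sources rather than a transport problem, so check `wevtutil gl Security` on a source host for the channel ACL first.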