I recently wrote a blog called What should I log in my SIEM? and someone recommended that I do a follow up on what Windows Event logs are helpful in addition to the Security log. It’s a truth universally acknowledged, that a SIEM must contain Windows event logs. But which ones?
Andrea, you are awesome!