Posted inWindows Server
Intrusion Detection with Windows Event ID’s
This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioral examples of attacker activity. If you are looking to enhance your detection in your core network this is the document!