ioc[.]one - OSINT Cyber Threat Intelligence Database

Windows Event Log Analysis with Winlogbeat & Logz.io

Tags

attack-pattern:

Data Hardware - T1592.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	82793ede-cf5e-4900-8864-3b7d36088fc1
Fingerprint	344ef65f38b23982
Analysis status	DONE
Considered CTI value	0
Text language
Published	Aug. 15, 2016, 11:17 a.m.
Added to db	Jan. 18, 2023, 9:59 p.m.
Last updated	Nov. 13, 2024, 6:23 p.m.
Headline	Windows Event Log Analysis with Winlogbeat & Logz.io
Title	Windows Event Log Analysis with Winlogbeat & Logz.io
Detected Hints/Tags/Attributes	29/1/8

Source URLs

	Redirection	Url
Details	Source	https://logz.io/blog/windows-event-log-analysis/

URL Provider

Details	Provider	Source level domain
Details	logz.io	logz.io

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	122		logz.io
Details	Domain	10		listener.logz.io
Details	File	1		c:\program files\winlogbeat' powershell.exe
Details	File	5		install-service-winlogbeat.ps1
Details	File	13		output.log
Details	File	10		listener.log
Details	File	27		tls.cer
Details	File	1		c:\program files\winlogbeat\comodorsadomainvalidationsecureserverca.crt