
Top 3 Workstation Logs to Monitor for Early Detection of Attacks: Security Log, PowerShell, Sysmon

On Demand
  • Recorded Date: Mar. 29, 2018
  • Event: On Demand

Most cyberattacks begin on the workstation. An end user clicks on a link in a phishing email, falls victim to a drive-by download, or opens an infected document, and the attacker has gained a foothold in your network. From there the attacker escalates his privileges on that computer and uses a plethora of methods to jump to other systems, collecting credentials as he goes.

Not only are workstations where attacks begin; they’re also the most exposed and vulnerable systems on your network. To catch attacks as early as possible and stop them before real damage is done, you’ve got to be monitoring your user workstations and endpoint devices.

In this on-demand webcast, security expert Randy Franklin Smith explores the three most important logs you need to protect (security logs, PowerShell and Sysmon) for improved Windows workstation and endpoint security, as well as logging best practices, including:

  • How to enable logging
  • Which events to collect
  • What to look for

Randy is joined by Quest security expert Brian Hymer to look at how log monitoring tools, like InTrust and IT Security Search, help you collect, store and analyze logs to keep your environment secure. 


  • Randy Franklin Smith - Security Expert
  • Brian Hymer - Security Expert