{"status":"success","data":{"_id":"634ea01466638c250c80b571","title":"Endpoint Security Monitoring","description":"In an enterprise environment, it's best practice to implement a defense-in-depth strategy. A defense-in-depth approach places multiple obstacles for an adversary to overcome. The endpoint is where the adversary will spend the most time performing situational awareness, planning their path to pivot throughout the network to reach their objective. The endpoint is where adequate monitoring should be in place, gathering as much telemetry as possible. For an analyst to successfully distinguish benign from malicious events, they must understand what is expected and what is abnormal within a Windows system.","summary":"Monitoring activity on workstations is essential, as that’s where adversaries spend the most time trying to achieve their objectives.","moduleURL":"endpoint-security-monitoring","tags":["offensive"],"image":"https://assets.tryhackme.com/img/modules/endpoint-security-monitoring.png","rooms":[{"_id":"62dcfb17dc0f11005f136416","id":1,"code":"introtoendpointsecurity","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/66704dd0e54a1f39bff7b1a1-1735575234175","title":"Intro to Endpoint Security","description":"Learn about fundamentals, methodology, and tooling for endpoint security monitoring.","free":true,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2022-10-18T15:00:00.126Z"},{"_id":"5ff894c1fa60fb2d54b6a7b5","id":2,"code":"btwindowsinternals","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/d2060288325a3952a066dd12cff3899b.png","title":"Core Windows Processes","description":"Explore the core processes within a Windows operating system and understand what normal behaviour is. This foundational knowledge will help you identify malicious processes running on an endpoint!","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2021-01-18T17:46:45.223Z"},{"_id":"6006eec3f608977f452fefa4","id":3,"code":"btsysinternalssg","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/e77773e1fbbd8448764b7597a226f675.png","title":"Sysinternals","description":"Learn to use the Sysinternals tools to analyze Windows systems or applications.","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2021-01-22T19:00:00.283Z"},{"_id":"5fcaaf595c987b700ab66f7b","id":4,"code":"windowseventlogs","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/0484889fb85cacdd041f9e47ab13f113.png","title":"Windows Event Logs","description":"Introduction to Windows Event Logs and the tools to query them.","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2021-01-03T15:15:56.420Z"},{"_id":"5fd936ea7682e4771af9c8bb","id":5,"code":"sysmon","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/8978e8897b612ee0be15e66be5f83803.png","title":"Sysmon","description":"Learn how to utilize Sysmon to monitor and log your endpoints and environments.","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2021-01-20T19:00:00.186Z"},{"_id":"6341a4b9818b91005e6d30ce","id":6,"code":"osqueryf8","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/2d1116d536a64d634647d6efa1f2acf0.png","title":"Osquery: The Basics","description":"Let's cover the basics of Osquery.","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2022-11-07T17:30:00.203Z"},{"_id":"615ee1fa12b08c00618e5c2d","id":7,"code":"wazuhct","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/dab38a8c03e9e6ba3232ded19228f037.jpeg","title":"Wazuh","description":"Explore Wazuh: an all-in-one, free, and open-source security solution.","free":true,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2022-04-19T16:56:25.632Z"},{"_id":"65cf5835c213736de2db9687","id":8,"code":"mondaymonitor","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/5fc2847e1bbebc03aa89fbf2-1717413696793","title":"Monday Monitor","description":"Ready to test Swiftspend's endpoint monitoring?","free":false,"type":"challenge","toPay":false,"isPublic":true,"published":"2024-07-24T15:00:01.661Z"},{"_id":"650025f235c8713093cc3efa","id":9,"code":"retracted","image":"https://tryhackme-images.s3.amazonaws.com/room-icons/7c857918b2d3f18cf8912aaba313f2d0.png","title":"Retracted","description":"Investigate the case of the missing ransomware.","free":false,"type":"walkthrough","toPay":false,"isPublic":true,"published":"2024-07-24T15:00:01.365Z"}],"socSimScenarios":[],"threatHuntingScenarios":[],"prerequisites":[{"id":"60dbbd66437056aee2bcfcb3","title":"Windows Fundamentals","summary":"Get hands-on access to Windows and its security controls. These basics will help you in identifying, exploiting and defending Windows.","moduleURL":"windows-fundamentals","rooms":3,"image":"https://tryhackme-images.s3.amazonaws.com/modules/gamified-paths-module-5.png","tags":["fundamental"]}],"nextSteps":[],"collaborator":[],"public":true,"totalTimeToCompleteMinutes":760,"totalJoinsCount":481719}}