
Endpoint Security Monitoring

Monitoring activity on workstations is essential, as that’s where adversaries spend the most time trying to achieve their objectives.

In an enterprise environment, best practice is a defense-in-depth strategy: multiple independent obstacles that an adversary has to overcome, so that bypassing one control does not give them a clear path to their objective. The endpoint is where an adversary spends most of their time after initial access, performing situational awareness and planning how to pivot through the network toward their objective, so it is also where monitoring must be strongest, with as much telemetry collected as the environment can sustain and analysts can actually review. Telemetry alone does not separate benign from malicious events; to do that, an analyst must know what is expected on a Windows system (which processes, services, scheduled tasks and network listeners are normal for a given host role) and treat deviations from that baseline as the starting point for investigation.
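As an added illustration of the "know what is expected" point (this is example code written for this page, not part of the TryHackMe module), the following PowerShell captures a baseline of process image paths, services and listening ports on a known-good host and later diffs a fresh snapshot against it. The baseline file location `C:\Baseline\endpoint-baseline.xml` and the function names are assumptions chosen for the example.

```powershell
# Added example, not from the original module.
# Capture what "expected" looks like on a Windows host, then report what changed.
# Assumption: the baseline is stored at the path below on a host whose state is known-good.
$BaselinePath = "C:\Baseline\endpoint-baseline.xml"

function Get-EndpointSnapshot {
    # Three cheap telemetry sources every analyst should recognise on a host:
    # running process image paths, installed services with their binaries, and TCP listeners.
    [PSCustomObject]@{
        Processes = Get-Process | Where-Object Path |
                    Select-Object -ExpandProperty Path -Unique
        Services  = Get-CimInstance Win32_Service |
                    Select-Object Name, PathName, StartMode, State
        Listeners = Get-NetTCPConnection -State Listen |
                    Select-Object LocalPort, OwningProcess -Unique
    }
}

function Save-Baseline {
    # Run once on a clean host; the result is the reference for later comparisons.
    New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
    Get-EndpointSnapshot | Export-Clixml -Path $BaselinePath
}

function Compare-ToBaseline {
    # Diff the current state against the stored baseline and return only what is new.
    $baseline = Import-Clixml -Path $BaselinePath
    $current  = Get-EndpointSnapshot

    # Process image paths that were not running at baseline time ('=>' = only in $current)
    $newProcs = Compare-Object $baseline.Processes $current.Processes |
        Where-Object SideIndicator -eq '=>' |
        Select-Object -ExpandProperty InputObject

    # Services that are new, or whose binary path changed (a common persistence sign)
    $newSvcs = Compare-Object $baseline.Services $current.Services -Property Name, PathName |
        Where-Object SideIndicator -eq '=>'

    # Ports that were not listening at baseline time
    $newPorts = Compare-Object $baseline.Listeners $current.Listeners -Property LocalPort |
        Where-Object SideIndicator -eq '=>'

    [PSCustomObject]@{
        NewProcessPaths = $newProcs
        NewServices     = $newSvcs
        NewListeners    = $newPorts
    }
}

# Usage: Save-Baseline once on a known-good build, then schedule Compare-ToBaseline
# and hand any non-empty result to an analyst for triage.
```

Two caveats a practitioner will want: a baseline diff flags change, not malice, so legitimate software updates and host-role changes will produce noise that the analyst still has to reason about; and the baseline itself must be taken from a state you trust and stored where an intruder on the host cannot quietly overwrite it, otherwise the comparison just confirms whatever the attacker left behind.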

