Endpoint Security Monitoring

Monitoring activity on workstations is essential, as that’s where adversaries spend the most time trying to achieve their objectives.
In an enterprise environment, it is best practice to implement a defense-in-depth strategy, which places multiple obstacles in an adversary's path. The endpoint is where an adversary spends the most time performing situational awareness and planning how to pivot through the network toward their objective, so it is where adequate monitoring should be in place, gathering as much telemetry as possible. For an analyst to reliably distinguish benign from malicious events, they must understand what is expected and what is abnormal on a Windows system.

Intro to Endpoint Security
Learn about fundamentals, methodology, and tooling for endpoint security monitoring.
Core Windows Processes
Explore the core processes within a Windows operating system and understand what normal behaviour is. This foundational knowledge will help you identify malicious processes running on an endpoint!
Sysinternals
Learn to use the Sysinternals tools to analyze Windows systems or applications.
Windows Event Logs
Introduction to Windows Event Logs and the tools to query them.
Sysmon
Learn how to utilize Sysmon to monitor and log your endpoints and environments.
Osquery: The Basics
Let's cover the basics of Osquery.
Wazuh
Wazuh is a free, open-source and enterprise-ready security monitoring solution for threat detection and integrity monitoring.
Monday Monitor
Ready to test Swiftspend's endpoint monitoring?
Retracted
Investigate the case of the missing ransomware.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
