WILEY Windows Security Monitoring: Scenarios and Patterns
M**N
Exactly as I'd hoped, very informative
This book provides granular detail around events that are triggered on a Windows-based system, and the scenarios that lead to certain events being generated. This is useful information in cyber defence when building suitable use cases for alerting when there are potential security incidents or potentially malicious activities occurring on your systems. As the title of this book states, "Windows Security Monitoring", it provides you with the details to be able to effectively monitor your Windows environment. I'd highly recommend this book for anyone working in a security operations centre (SOC) who might be monitoring Windows devices in a network.
S**K
Great product and service!!!
Great product and service!!!
K**Y
Informative and recommended!
Those who work in IT and have involvement with their company's security will definitely want to check out Andrei Miroshnikov's "Windows Security Monitoring: Scenarios and Patterns".
At first I thought it would be a rehash of what I learned in a class I took, but this book actually offered much more, especially chapter 7 on Microsoft Active Directory and chapter 8 - Active Directory Objects.
For those who are wondering what this book goes into chapter-wise, here is a chapter breakdown:
Chapter 1: Windows Security Logging and Monitoring Policy
Chapter 2: Auditing Subsystem Architecture
Chapter 3: Auditing Subcategories and Recommendations
Chapter 4: Account Logon
Chapter 5: Local User Accounts
Chapter 6: Local Security Groups
Chapter 7: Microsoft Active Directory
Chapter 8: Active Directory Objects
Chapter 9: Authentication Protocols
Chapter 10: Operating System Events
Chapter 11: Logon Rights and User Privileges
Chapter 12: Windows Applications
Chapter 13: Filesystem and Removable Storage
Chapter 14: Windows Registry
Chapter 15: Network File Shares and Named Pipes
And much more!
Overall, a wonderful book on Windows security (Windows 7 - Windows 10 and Windows Server 2016)!
J**N
An important, vital addition to the library of any IT security or computer forensics examiner
Andrei Miroshnikov is making a very important contribution with the results of his “research about the Microsoft Windows security auditing subsystem and event patterns”, covering Windows 7 through Windows 10 and Windows Server 2016. Anyone doing Windows security or forensics knows the jungle. Events, for example, are presented as numerical codes in the logs. But often there is no reliable description of what the event code means. On occasion, the definitions of codes change. Trying to track transactions can become a nightmare. Miroshnikov’s essentially encyclopedic tome makes the task of understanding the many Windows auditing and monitoring systems much more efficient. I strongly urge anyone involved with Windows security or forensics to get a copy. It’s terrific.
Jerry
T**E
Very Good Book for IT Security Professionals
I work in IT security and this book is great. It showed me a lot about reading logs and security issues and solutions. Shows patterns to look at and all kinds of tricks. A must-have if you are in IT security, or just want to learn.