Randy Franklin Smith, guru at UltimateWindowsSecurity.com, just released two new "How-To" video's on monitoring two important areas with Windows Event Collection.
Video 1 - In
this 4 minute video, Randy shows you step-by-step how you can use Supercharger to create a WEC susbscription that pulls PowerShell security events from all of your endpoints to a central collector.
Video 2 - In
this 8 minute video, Randy shows you how to monitor security event ID 4688 from all of your endpoints. Obviously this would normally create a plethora of data but using Supercharger's Common System Process noise filter you will see how you can leave 60% of the noise at the source.
You can watch the video's by clicking on the links above or visiting the
resources page for Supercharger by clicking
here.