News

Event ID 1104 ("The security log is now full") is logged every time the Windows Security log fills up. This post describes the actions to take when it does.
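As an added example (not code from the linked post), the checks a responder would run when 1104 appears: confirm when the log filled, read the log's size and retention mode, and, if the log is set to stop logging rather than overwrite or archive, raise the limit and switch to archive-on-full. The 30-day window and the 1 GiB size are assumptions; reading the Security log needs an elevated prompt.

```powershell
# Added example: triage Event ID 1104 and the Security log's retention settings.
# Run elevated; the Security log is not readable by standard users.

# 1. Has the Security log filled up recently? (30-day window is an assumption.)
$full = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 1104
    StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue
if ($full) {
    # Get-WinEvent returns newest first, so [0] is the most recent occurrence.
    "Security log filled up $($full.Count) time(s) in the last 30 days; most recent: $($full[0].TimeCreated)"
} else {
    'No Event ID 1104 in the last 30 days'
}

# 2. Current configuration. LogMode is Circular (overwrite oldest), AutoBackup
#    (archive to .evtx, then clear) or Retain (stop logging until cleared).
#    Retain is the mode that leaves a gap in auditing after 1104.
$cfg = Get-WinEvent -ListLog Security
$cfg | Select-Object LogName, IsEnabled, LogMode, IsLogFull, RecordCount,
    @{ Name = 'MaximumSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB) } },
    @{ Name = 'FileSizeMB';    Expression = { [math]::Round($_.FileSize / 1MB) } }

# 3. Remediation: raise the maximum size (1 GiB here; size it for your event
#    rate) and archive-on-full so records survive until they are forwarded.
#    /rt:true together with /ab:true selects AutoBackup; /rt:false is Circular.
#    Remove the leading '#' to apply.
# wevtutil sl Security /ms:1073741824
# wevtutil sl Security /rt:true /ab:true
```

After changing the mode, re-run step 2 and confirm `LogMode` reads `AutoBackup` and `IsLogFull` is `False`; the archived files land in `%SystemRoot%\System32\winevt\Logs` and still need to be shipped off the host.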
Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats.
Do you want to view Windows event logs in a CSV or TEXT file? Here is how to export Windows Event logs with PowerShell commands.
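As an added example (not the linked article's own commands), the export in all three forms a practitioner ends up needing: CSV for spreadsheets and SIEM ingestion, plain text for reading, and the native .evtx for tools that parse the binary log. The output folder, the 24-hour window and the chosen event IDs are assumptions.

```powershell
# Added example: export Security log events to CSV, TEXT and .evtx.
# Output folder and time window are placeholders; run from an elevated prompt.

$outDir = 'C:\Temp\EventExport'          # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Logon successes/failures and log clears from the last 24 hours. A hashtable
# filter is applied by the event log service itself, so it is far faster than
# piping every record through Where-Object.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625, 1102
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

if (-not $events) { Write-Warning 'No matching events in the last 24 hours'; return }

# CSV: flatten the multi-line Message so each event is one row, and keep the
# raw XML. Message is rendered from the provider's message DLL and comes back
# empty when the CSV is built on a host that lacks that provider; the XML
# carries the EventData fields regardless.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, MachineName, RecordId,
        @{ Name = 'Message'; Expression = { $_.Message -replace '\r?\n', ' ' } },
        @{ Name = 'Xml';     Expression = { $_.ToXml() } } |
    Export-Csv -Path (Join-Path $outDir 'security.csv') -NoTypeInformation -Encoding UTF8

# TEXT: one block per event, readable in any editor. -Width stops long
# Message lines from being truncated at the console width.
$events |
    Format-List TimeCreated, Id, LevelDisplayName, MachineName, Message |
    Out-File -FilePath (Join-Path $outDir 'security.txt') -Encoding UTF8 -Width 4096

# Forensic copy: the native .evtx preserves every field and is the input
# format analysis tools expect. The XPath keeps the same 24-hour window
# (timediff is in milliseconds).
wevtutil epl Security (Join-Path $outDir 'security.evtx') `
    /q:"*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]"
```

Replace `Security` with `System`, `Application` or a channel such as `Microsoft-Windows-Sysmon/Operational` to export other logs; `Get-WinEvent -ListLog *` prints the exact channel names.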
SIEM and SOAR allow enterprises to collect and correlate log event data but may not be the ideal choice for every organization. Microsoft’s Windows Event Forwarding aggregates system event logs ...
I'm writing a Windows app in unmanaged C++ and want to log some simple events to the Application log. I'm normally a *nix guy and am used to being able to just call syslog() (or asl(3) on Mac OS X ...
Navigate the maze of Windows Event Logs to efficiently troubleshoot common Hyper-V issues.
Hackers are now hiding malware in Windows Event Logs. Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously ...
Microsoft's Sysmon and Azure Sentinel are easy and inexpensive ways to log events on your network. Here's how to get started with them.
The log-on/log-off category of the Windows security log gives you the ability to monitor all attempts to access the local computer. This article examines each log-on type and shows how some other ...
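As an added example (not from the linked article), a script that pulls the Logon Type out of each successful logon (Event ID 4624), tallies them, and then lists the network and RDP logons that did not originate on the host itself. The 7-day window is an assumption, and the type names are the ones Microsoft documents for 4624.

```powershell
# Added example: break down 4624 (successful logon) events by Logon Type.
# Run elevated; the 7-day window is an assumption.

# Common Logon Type values for 4624 (Microsoft's names, abbreviated).
$logonTypeNames = @{
    2  = 'Interactive (console)'
    3  = 'Network (SMB, remote WMI/PowerShell)'
    4  = 'Batch (scheduled task)'
    5  = 'Service'
    7  = 'Unlock'
    8  = 'NetworkCleartext (e.g. IIS basic auth)'
    9  = 'NewCredentials (runas /netonly)'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive (cached domain creds)'
}

# Read the EventData fields from the event XML. The rendered Message text is
# locale-dependent and slow to regex; the XML field names are stable.
function ConvertFrom-Logon4624 {
    param(
        [Parameter(ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventLogRecord]$Event
    )
    process {
        $x = [xml]$Event.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            LogonType = [int]$d.LogonType
            TypeName  = $logonTypeNames[[int]$d.LogonType]
            User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            SourceIp  = $d.IpAddress
            Process   = $d.ProcessName
            AuthPkg   = $d.AuthenticationPackageName
        }
    }
}

$logons = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue | ConvertFrom-Logon4624

# Summary: count per Logon Type and how many distinct accounts used each.
$logons | Group-Object LogonType | Sort-Object { [int]$_.Name } |
    Select-Object @{ N = 'LogonType'; E = { $_.Name } },
                  @{ N = 'Name';      E = { $logonTypeNames[[int]$_.Name] } },
                  Count,
                  @{ N = 'Accounts';  E = { ($_.Group.User | Sort-Object -Unique).Count } } |
    Format-Table -AutoSize

# Drill-down: network (3) and RDP (10) logons from somewhere other than the
# host itself. 4624 uses '-' when no source address applies.
$logons |
    Where-Object { $_.LogonType -in 3, 10 -and $_.SourceIp -notin '-', '127.0.0.1', '::1' } |
    Sort-Object Time -Descending | Select-Object -First 20 |
    Format-Table Time, TypeName, User, SourceIp, AuthPkg -AutoSize
```

Type 3 logons with `AuthPkg` of `NTLM` from workstations that should be using Kerberos, and type 10 logons outside business hours, are the two rows worth a second look; swap `Id = 4624` for `4625` and `TargetUserName` stays the same field to get the failed-attempt view.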
The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for malicious late stage trojans, according to a ...