This room introduced me to the wealth of information contained in Windows Event Logs and how they can be used for threat detection and investigation. I explored different event categories, such as login events, account management, and process creation, and learned how to interpret the details within them.
The hands-on challenges helped me practice filtering through logs to identify suspicious activity, like failed logons or unusual process launches. By the end, I had a much stronger sense of how to use Event Logs as a primary data source when monitoring and responding to endpoint security incidents.
