
Event Log Management in Windows | TryHackMe Windows Event Logs

29.4K views
May 29, 2021
1:02:53

In this video walkthrough, we covered managing logs in Windows using Event Viewer, PowerShell and the Windows command line. We also examined a scenario to investigate a cyber incident.

TryHackMe Windows Event Logs: https://tryhackme.com/room/windowseventlogs
Answers: https://motasem-notes.net/event-log-management-in-windows-tryhackme-windows-event-logs/

0:00 - Introduction to Windows Event Logs
0:14 - Accessing the TryHackMe Windows Event Logs Room
0:29 - Overview of Event Viewer and Sysinternals Tools
0:52 - Exploring the Event Viewer Interface
2:17 - Accessing Windows PowerShell Operational Logs
4:13 - Event ID 40961 and Filtering Event Logs
5:11 - Filtering Event IDs in PowerShell Logs
7:24 - Exploring XML View and Extracting Information
9:03 - Task Category in Event Viewer
9:42 - Using Command Line for Log Analysis
10:52 - Introducing the Windows Event Command Line Utility
12:13 - Enumerating Log Names and Using Commands
14:01 - Querying Events and Filtering Logs by Event ID
17:16 - Explanation of Command Options and Query Filters
18:05 - Analyzing Application Logs via Command Line
21:10 - Introduction to PowerShell and Get-WinEvent Command
22:22 - Retrieving Logs Related to OpenSSH
23:40 - Searching for Event Providers with PowerShell
25:00 - Counting Event IDs and Filtering with Get-WinEvent
27:00 - Using XPath Queries for Event Filtering
29:17 - Using Max Events and Querying Event Logs
31:05 - Conclusion on Querying and Filtering Events in PowerShell
