Mapping Windows Event IDs to MITRE ATT&CK Cheat Sheet

This “Windows ATT&CK Logging Cheat Sheet” is intended to help you map the tactics and techniques of the MITRE ATT&CK framework to Windows audit log event IDs, so that you know which events to collect and harvest and what you can hunt for using those event IDs.

Download the PDF here!
