Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)

Last week at Ignite Australia I presented a session (available here ) on something I don’t think gets talked about enough – Windows Event Forwarding, or WEF.  (Edit: I’ve also since done an depth Microsoft Virtual Academy session on Event Forwarding too!). Often when we engage for an Incident Response, we find the customer : Has no centralized...