Chaotic Security Blog

Learning about Endpoint Security Monitoring this time around. Endpoints are just about all your machines and devices on your network. It is essential to understand how to monitor these items. If you need to go over a system that may have triggered an alert, it is good to know which endpoint it references, as well as to make sure you understand the core processes running on the system.

This section covers Windows event logs and introduces Sysinternals, a suite of tools that can help you monitor and investigate processes on Windows endpoints.

Wazuh is an open-source SIEM that also offers vulnerability scanning capabilities. I have installed Wazuh on a small network setup that I had, and it is interesting to see it in action.
