I am going through the THP course and am on the module where we look through Event IDs. There are some labs, like Lab 15, that use Event Viewer to find certain events in the Windows Security log.
My question is, is there an efficient way to use Event Viewer? Do we use the filter option on the right-hand side menu alone? Do we have to manually go through each entry thereafter? I am fine with this, but I would just like to make sure that this is the only way to do this for now. Are there any recommendations to help better go through the logs?
This is before we dive into ELK and I know that will help, but I would like to learn more about Event Viewer before moving on to it.
Thanks for your help!
P.S. I see that you are the course instructor @sparpulev-8dc005c0c8, so I hope you don’t mind me tagging you
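As an added example (not part of the original post or the THP course material), the same Security log filtering can be done from PowerShell with Get-WinEvent, and the XPath query at the end can be pasted into Event Viewer's "Filter Current Log..." > XML tab. Event IDs 4624/4625 (logon success/failure) and the 24-hour window are assumed sample values, not what Lab 15 asks for.

```powershell
# Added example (not from the THP course or the original post).
# Assumes a Windows host with the Security log readable (elevated prompt).
# Event IDs 4624/4625 (logon success/failure) are sample IDs; substitute the
# IDs your lab is looking for.

# 1) Server-side filtering: FilterHashtable lets the event log service do the
#    work instead of scrolling through every entry in Event Viewer.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue

# 2) Pull named fields out of the EventData XML so they can be grouped/sorted.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Id        = $e.Id
        User      = $d['TargetUserName']
        LogonType = $d['LogonType']
        SourceIp  = $d['IpAddress']
    }
}

# 3) Summarise: which accounts show up most, split by success (4624) / failure (4625).
$rows | Group-Object Id, User | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 4) The same filter as an XPath query. Paste the XML between the quotes into
#    Event Viewer's "Filter Current Log..." > XML tab ("Edit query manually")
#    to get the same result set in the GUI. timediff is in milliseconds
#    (86400000 = 24 h).
$xmlQuery = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
  </Query>
</QueryList>
'@
Get-WinEvent -FilterXml $xmlQuery -ErrorAction SilentlyContinue | Measure-Object
```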