Intrusion Detection with Windows Event ID’s

This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it┬ácontains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network this is the document! http://tinyurl.com/zpggnfq