Included here are the logs from the devices that were used to hunt for Kerberoasting, BITSAdmin activity, and log clearing events.

Happy hunting.

References

https://cyberwardog.blogspot.com/2018/04/welcome-to-helk-enabling-advanced_9.html

Threat Hunter Playbook
https://github.com/hunters-forge/ThreatHunter-Playbook

Attack Detection by Data Source
https://medium.com/mitre-attack/visualizing-attack-f5e1766b42a6

Supporting Technology
Sigma
https://github.com/Neo23x0/sigma

Elastalert
https://github.com/Yelp/elastalert

Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

