Web: https://malware.news/t/uncovering-windows-events/67911

March 15, 2023, 4:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Threat Intelligence ETW

Not all manifest-based Event Tracing for Windows (ETW) providers that are exposed through Windows are ingested into telemetry sensors/EDRs. One provider that is commonly leveraged by vendors is the Threat-Intelligence ETW provider. Due to how often it is used, I wanted to map out how its events are being written within TelemetrySource.

This post will focus on the process I followed to understand the events the Threat-Intelligence ETW provider logs and how to uncover the underlying …
