

This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

You have to see the criminal to catch the criminal. The most relevant data to monitor, ranked.

  • Friday, December 06, 2019 at 1:00 PM EST (2019-12-06 18:00:00 UTC)
  • Mike Simon, Brandon McCrillis


  • CI Security




Learn the data sources you should collect to understand security-related activities on your network.

Teams working to monitor network and workstation security need to know what data to monitor and what to prioritize.

Making a list of all possible specific logs that could be used for security monitoring requires an infinite amount of time.

However, when you understand how to best use each information type, you can identify and prioritize virtually any source.

In this webinar, we will provide a comprehensive list of information to collect and analyze, including:

  1. A list of Sources, often specific to a product or operating system (e.g., Active Directory logs)
  2. A list of log Types, which can often answer the "why" questions (e.g., user logins)

We will then assist security professionals by ranking that information from most critical to least critical.

Join Mike Simon, CTO of CI Security, and SANS experts to get actionable takeaways to make your network monitoring routines more efficient, with added context about not just what to monitor, but why.

Speaker Bios

Mike Simon

With an education in computer science and 25 years of experience designing and securing information systems, Mike Simon is a well-known and highly respected member of the Northwest’s information security community. Mike is faculty at the University of Washington Foster School of Business, the UW Information School, a published author, an active collaborator on regional initiatives, a subject matter expert in the energy and finance sectors, and integrated with law enforcement through contacts in the FBI, DHS, and InfraGard.

As CI Security’s Chief Technology Officer, Mike leads development teams for the Critical Insight security monitoring platform and the associated Critical Insight Collector-sensor and Cloud Security analytics, directs our Big Data and Data Analytics program and helps to set company direction and strategy.

Brandon McCrillis

Brandon McCrillis is a Cyber Security professional specializing in Network Security to include Network Defense Posturing, Penetration Testing, Network Design and Scaling, Security Auditing and Offensive Cyber Operations. He currently serves as CEO & Principal Consultant at Rendition Infosec.
