We would like to generate some logs that we can use as samples for analysis. This will involve setting up Windows systems (this can be done locally on VMware or VirtualBox), snapshotting the instance, and performing different tasks to generate logs.
The tasks involved will be basic Windows administration tasks. In addition to normal Windows tasks, we will download some malware and execute it to generate logs from the specific antivirus software. This should be something that you have a good understanding of how to do safely in a VM environment.
You should have your own copies of Windows 10, Windows 7, and Windows Server. You will also be responsible for acquiring trials of different software.
This is a sample of the list of actions needed:
Set up domain controller
Install Filebeat and Winlogbeat
Add system to domain
Remove system from domain
Create domain user
Download sample virus and execute
For each task, we will modify the Beats configurations and export a CSV of the different logs.
We will be doing this project on an hourly basis, and we expect about 40+ hours initially.
If you are familiar with applications such as Nmap, OpenVAS, Nessus or Metasploit, we have a lot more that we could do.
Skills: Windows, domain administration, configuring Filebeat and Winlogbeat