
Active Directory Advanced Auditing
Log What Matters. Detect What Matters.
Most environments either log too little — missing key attacks — or log too much, drowning in irrelevant data.
In this focused mini-course, you'll learn how to configure Advanced Audit Policy, use Sysmon effectively, and deploy ThreatLog, a tailored auditing toolkit built for defenders who care about both security and efficiency.
You’ll see exactly how to:
✔ Configure Advanced Audit Policy to log meaningful Windows & AD events
✔ Use Sysmon with a real-world configuration baseline
✔ Validate logs and reduce noise using practical techniques
✔ Understand auditing strategy with ThreatLog — a custom tool to generate optimized baselines
This course includes step-by-step walkthroughs, deployment tips, and lessons from real pentests and blue team audits.
By the end, you'll know what to log, how to tune it, and how to spot real threats without wasting SIEM budget or resources.
This course is a Free Trial of the Building a Secure Active Directory course, which gives you hands-on, practical experience building and hardening your own Active Directory environment.