What is MSIexec and How to Detect it?

SIEM SEC Series

In this course, you will learn about MSI files and more specifically Msiexec, and how you can start to detect them within your SIEM solution. I have provided learners with a base search query to start you off at the end of this course in some of the most popular SIEM solutions. From these base searches, I will provide you with some direction and tips on how to further refine those searches to create effective monitoring dashboards or even high-fidelity alerts in your SIEM.

What you’ll learn

  • Understand how to detect MsiExec web installs.
  • Learn what MsiExec is and why it's important.
  • Understand how to fine-tune SIEM queries to create effective alerts.
  • Complete quiz questions to test your knowledge on how to best implement MsiExec Web Install alerts.

Course Content

  • Introduction –> 1 lecture • 2min.
  • What is msiexec? –> 2 lectures • 2min.
  • How can I detect msiexec web installs? –> 2 lectures • 4min.
  • How can I create a detection for msiexec web installs in my SIEM of choice? –> 2 lectures • 12min.
  • Threat Review –> 1 lecture • 12min.
  • Thank you –> 1 lecture • 1min.
  • Challenge questions –> 0 lectures • 0min.

The overall intent of these SIEM SEC Series courses is to deliver you tangible knowledge that you can quickly apply to your environment as soon as you finish the course. I aim to keep these courses short and concise, with the mindset that you can complete one or two of these within your lunch break at work. Ideally, the knowledge learned will help you prevent thousands of dollars in breach damage.

I hope you enjoy the course and feedback is always welcome. I am willing to sculpt further courses to meet the needs of my learners. At the end of the day, I want these to be highly beneficial, with an instant return on investment.
