The SANS GSE lab is getting close now. Currently I’m trying to consolidate my notes and cheat-sheets. While looking for important Windows event IDs I came across a great, up-to-date (YEA!) cheat-sheet for Windows Indicators of Compromise at malwarearcheology. Also, some good Bro IDS log manipulation tips on the Bro website – I’m just looking for the basics here – top 10 talkers and stuff.
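As an added example (not from the post or the Bro project), here is the "top talkers" one-liner worked out as a small shell script: it reads the column positions from the `#fields` header of a Bro `conn.log`, sums `orig_bytes + resp_bytes` per `id.orig_h`, and prints the top N. The `conn.log` it writes to a temp file is constructed sample data with the standard Bro header layout; the function names (`mk_sample_log`, `row`, `top_talkers`) are assumptions for this example.

```shell
#!/bin/sh
# Added example: "top N talkers" from a Bro conn.log using only awk/sort/head.
# The log below is CONSTRUCTED sample data in the standard Bro conn.log layout.

LOG="${TMPDIR:-/tmp}/bro_conn_sample.$$.log"

# row: join its arguments with tabs (Bro logs are tab-separated) and end the line.
row() {
  printf '%s' "$1"; shift
  for f in "$@"; do printf '\t%s' "$f"; done
  printf '\n'
}

# mk_sample_log: write a small constructed conn.log with the usual header lines.
mk_sample_log() {
  {
    printf '#separator \\x09\n'
    printf '#path\tconn\n'
    row '#fields' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state
    row 1500000000.000000 C1 10.0.0.5  51000 192.0.2.10 443 tcp ssl  1.2 1200 45000  SF
    row 1500000001.000000 C2 10.0.0.7  51001 192.0.2.20 80  tcp http 9.8 300  150000 SF
    row 1500000002.000000 C3 10.0.0.9  51002 192.0.2.30 53  udp dns  0.1 500  -      S0
    row 1500000003.000000 C4 10.0.0.5  51003 192.0.2.10 443 tcp ssl  0.9 800  20000  SF
    row 1500000004.000000 C5 10.0.0.12 51004 192.0.2.40 22  tcp ssh  30  2500 2500   SF
  } > "$LOG"
}

# top_talkers LOGFILE [N]: total bytes (sent + received) per originating host,
# highest first, limited to N rows (default 10). Column numbers are taken from
# the #fields header so the script does not break if Bro adds or reorders fields.
top_talkers() {
  awk -F'\t' '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }  # header -> name:index
    /^#/ { next }                                                     # skip other header lines
    {
      s = col["id.orig_h"]; o = col["orig_bytes"]; r = col["resp_bytes"]
      src = $s; ob = $o; rb = $r
      if (ob == "-") ob = 0    # Bro writes "-" for unset fields
      if (rb == "-") rb = 0
      bytes[src] += ob + rb
    }
    END { for (h in bytes) printf "%d\t%s\n", bytes[h], h }
  ' "$1" | sort -rn | head -n "${2:-10}"
}

mk_sample_log
top_talkers "$LOG" 10
```

On a real sensor you would point `top_talkers` at `/path/to/bro/logs/current/conn.log` (or a gzipped rotated file via `zcat ... | top_talkers /dev/stdin`); swapping `id.orig_h` for `id.resp_h` in the awk body gives the top destinations instead, which is the usual next question when an outlier host shows up.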