AppLocker is Window’s built-in application whitelisting technology. Despite AppLocker requiring a lot of planning, research and commitment to ongoing care and feeding, in audit mode the application has unlocked potential. Audit mode, provides a really cool way to know immediately when anything new runs on your network without collecting a tremendous amount of events from every endpoint.
In this webinar we’re going on a deep dive of how to implement AppLocker in audit mode and then monitor those events so that you know as soon as something new shows up on your endpoint. Also, Erick Ingleby will briefly show you how LogRhythm can even take automatic remediation measures on endpoints when unauthorized software is detected – including the immediate collection of additional evidence so that it will be ready for the security analyst to investigate .