
Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)

Technical Note
This report describes how to set up a centralized reporting console for the Windows Enhanced Mitigation Experience Toolkit.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2016-TN-007

Abstract

Host protection strategies, such as enabling anti-exploitation features, can be effective in protecting Windows endpoints from compromise. Microsoft offers a tool, provided at no cost, to assist in this area: the Enhanced Mitigation Experience Toolkit (EMET), a utility that helps to prevent the exploitation of software vulnerabilities.

EMET can be effective in safeguarding organizations from compromise by malicious actors. The configuration of EMET can be controlled centrally by enterprise system administrators using Group Policy. While centralized management capability is built into the tool, centralized reporting capabilities are not, creating a challenge when it comes to real-time situational awareness, metrics gathering, troubleshooting, and reporting. This report presents methods by which systems administrators and/or information security personnel can create a centralized reporting console using native Windows capabilities and the Splunk machine data analysis engine.

Cite This Technical Note

Lewis, C., & Tammariello, J. (2016, August 18). Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET). (Technical Note CMU/SEI-2016-TN-007). Retrieved April 19, 2024, from https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/.

@techreport{lewis_2016,
author={Lewis, Craig and Tammariello, Joseph},
title={Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)},
month={Aug},
year={2016},
number={CMU/SEI-2016-TN-007},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/},
note={Accessed: 2024-Apr-19}
}

Lewis, Craig, and Joseph Tammariello. "Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)." (CMU/SEI-2016-TN-007). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, August 18, 2016. https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/.

C. Lewis and J. Tammariello, "Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2016-TN-007, 18-Aug-2016 [Online]. Available: https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/. [Accessed: 19-Apr-2024].

Lewis, Craig, and Joseph Tammariello. "Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET)." (Technical Note CMU/SEI-2016-TN-007). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 18 Aug. 2016. https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/. Accessed 19 Apr. 2024.

Lewis, Craig; & Tammariello, Joseph. Creating Centralized Reporting for Microsoft Host Protection Technologies: The Enhanced Mitigation Experience Toolkit (EMET). CMU/SEI-2016-TN-007. Software Engineering Institute. 2016. https://insights.sei.cmu.edu/library/creating-centralized-reporting-for-microsoft-host-protection-technologies-the-enhanced-mitigation-experience-toolkit-emet/