Microsoft Sysinternals' Sysmon (System Monitor) is a free Windows system service and device driver that records detailed system activity (process creation, network connections, driver and image loads, file changes, and more) to the Windows event log, giving threat hunting, digital forensics, incident response, and an organization's overall security posture far richer telemetry than Windows provides by default. In this edition of #techtalktuesday, we cover Sysmon fundamentals, how to get started with Sysmon, what the default configuration looks like, and the basics of writing Sysmon rules tailored to your environment.
Are you using Sysmon currently? In the comment section below, we'd love to hear how Sysmon has helped your security program and any advice you have for people getting started.
Please like and subscribe to support our channel!
Follow us on Twitter: [ Link ]
Follow us on LinkedIn: [ Link ]
Hire us for your next threat hunt: [ Link ]
Chapters:
00:00 - Intro
00:14 - What is Sysmon
01:27 - Installing Sysmon on Windows 10
02:02 - Viewing Sysmon Logs
02:40 - Overview of Sysmon Log IDs
04:51 - Understanding Sysmon's Default Config
05:56 - Getting Started Writing Sysmon Rules
06:44 - Writing Sysmon Rules to Detect Malicious Network Activity
10:19 - Wrapping Up
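The install, view-logs, and write-rules steps outlined in the chapters above, as one worked example. This is added here for illustration and is not code from the video or from Sysinternals; it assumes Sysmon64.exe has been downloaded into the current directory and that the shell is running elevated. The config shown covers only network-connection events (Event ID 3), which the default Sysmon configuration does not log; a production config would add rule groups for the other event types as well.

```powershell
# Added example, not from the video: install Sysmon with a minimal config that
# logs outbound network connections from common script hosts, then read the
# resulting events back out of the Sysmon event log.
# Assumes Sysmon64.exe is in the current directory and the shell is elevated.

# Schema version 4.22 is accepted by current Sysmon builds; print the schema
# your binary supports with:  .\Sysmon64.exe -s
$config = @'
<Sysmon schemaversion="4.22">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 3 (NetworkConnect) is off by default. With onmatch="include",
         only connections matching at least one rule below are logged; rules in
         the same group are OR'd together via groupRelation="or". -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <!-- condition="image" matches on the image file name, so this catches
             powershell.exe regardless of its directory -->
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">mshta.exe</Image>
        <Image condition="image">wscript.exe</Image>
        <!-- any process talking to a port commonly used by reverse shells -->
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path .\sysmonconfig.xml -Value $config

# Install the service and driver, accepting the EULA non-interactively.
.\Sysmon64.exe -accepteula -i .\sysmonconfig.xml

# After editing the file, reload it without reinstalling:
#   .\Sysmon64.exe -c .\sysmonconfig.xml
# Dump the configuration currently loaded in the driver:
#   .\Sysmon64.exe -c

# Read back the 20 most recent network-connection events (ID 3). Sysmon stores
# its fields in EventData/Data elements, so parse the event XML and project
# the fields a hunter actually looks at.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 3 } -MaxEvents 20 |
  ForEach-Object {
    $xml = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
      Time     = $_.TimeCreated
      Image    = $data.Image
      User     = $data.User
      DestIp   = $data.DestinationIp
      DestPort = $data.DestinationPort
      Protocol = $data.Protocol
    }
  } | Format-Table -AutoSize
```

Test the rule before trusting it: from an unprivileged PowerShell window run `Invoke-WebRequest https://example.com` (a constructed test, not from the video) and confirm an ID 3 event with `Image` ending in `powershell.exe` appears, then run the same request from a browser and confirm it does not. That include/exclude asymmetry is the core of tuning Sysmon: an `include` filter silences everything it does not name, so every image you leave out of the list above is a blind spot, while an `exclude` filter logs everything except the noise you explicitly drop.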