Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
Queries, dashboards, templates, and actionables to support monitoring and investigating Sysmon data. Helps you monitor the DNS, network, file, and registry activity reported by the Sysmon toolkit, and is an invaluable resource for day-to-day monitoring as well as for hunting misbehaving applications and malware.