Collect, Search, and Analyze Windows and Sysmon Events


What Will You Learn:

  • A general overview of the common Sysmon Event IDs and how to interrogate the data with queries.
  • Why you may want to set up a configuration file to ingest everything, and when you are ready to make that substantial change.
  • How to improve your search techniques and even chart process creation grouped by EXE + Computer or even search for a specific EXE.
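The two searches named above, process creation grouped by EXE + Computer and a lookup for a specific EXE, carried out over Sysmon Event ID 1 records in Python. This is an added example, not material from the video or its presenter; the field names follow Sysmon's own (EventID, Computer, Image, ParentImage, CommandLine), the flattened-dict shape and the sample events are constructed here, and a real collector would supply the records instead.

```python
"""Aggregate Sysmon process-creation events (Event ID 1) by EXE and host.

Added example, not from the original page. Assumes events have already been
collected and flattened into dicts carrying the Sysmon field names; the
sample records below are constructed for illustration.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: a few events as a collector might flatten them.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 1, "Computer": "WS01", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe /c dir"},
    {"EventID": 1, "Computer": "WS02",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "powershell.exe -nop"},
    {"EventID": 1, "Computer": "WS02", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "firefox.exe"},
    # Event ID 3 (network connection) must not be counted as a process creation.
    {"EventID": 3, "Computer": "WS02", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
]

def exe_name(image: str) -> str:
    """Reduce a full Image path to its file name so grouping is by EXE, not by path."""
    return PureWindowsPath(image).name.lower()

def process_creation_by_exe_and_host(events) -> Counter:
    """Count Event ID 1 per (EXE, Computer): the data behind a 'grouped by EXE + Computer' chart."""
    return Counter((exe_name(e["Image"]), e["Computer"]) for e in events if e.get("EventID") == 1)

def search_exe(events, name: str):
    """Return the process-creation events whose image file name matches a specific EXE."""
    return [e for e in events if e.get("EventID") == 1 and exe_name(e["Image"]) == name.lower()]

def most_frequent(events, n: int = 3):
    """Top-n (EXE, Computer) pairs by process-creation count."""
    return process_creation_by_exe_and_host(events).most_common(n)

if __name__ == "__main__":
    for (exe, host), count in most_frequent(SAMPLE_EVENTS):
        print(f"{host:6} {exe:16} {count}")
    # Root-cause view for one EXE: parent process and command line of each creation.
    for e in search_exe(SAMPLE_EVENTS, "powershell.exe"):
        print("parent:", e["ParentImage"], "cmd:", e["CommandLine"])
```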

Reasons to Watch:

  • You're required to see how often processes are created and which ones are the most frequent.
  • You are a Threat Hunter and you need to get to the root cause analysis.
  • You plan to deploy Sysmon in your enterprise but don't have a collector or forwarding setup.