Technical Walkthrough: Analyze Windows & Sysmon Events

This is a technical walkthrough of a proof-of-concept evaluation using Gravwell to collect, search, and analyze Windows & Sysmon events.

This POC is going to be self-managed, running within a VMware cluster. We're mostly interested in testing functionality, not scalability, so the VM is going to start at a modest size with an expected daily ingest rate of 50-100 GB/day of events, or less.

