About Blogs Community Guide Deploy Sysmon ELK General Gravwell Graylog Microsoft System Center Presentations RSA Netwitness Splunk Sysmon Configuration Files Sysmon Github Projects Utilities

Blogs

Nov 29, 2023

Learning Sysmon - Videos 1-10 Written by Carlos Perez
Detecting (Some) Malicious Office Documents Using Sysmon - @malwaresoup
Chronicles of a Threat Hunter: Hunting for WMImplant with Sysmon and ELK - Part I - Roberto Rodriguez
Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part I (Event ID 7) - Roberto Rodriguez
Effectively analysing sysmon logs - Adrian Shaw
Explaining and adapting Tay’s Sysmon configuration - Lennart Koopmann
Detecting Lateral Movement Using Sysmon and Splunk - David French
Setting up Elasticsearch 5.x – Sending Windows Logs using WinLogbeat 5.x Part 2/3 - Pablo Delgado
Advanced Sysmon filtering using Logstash - Pablo Delgado
Sample sysmon events and the schema you can expect in Sysmon v6 - @williballenthin
Sysmon Woes, Elasticsearch and MITRE’s ATT&CK Matrix - Black Lantern Security
Parsing Sysmon Events for IR Indicators - CrowdStrike
Detecting Advanced Threats with Sysmon, WEF and ElasticSearch - Joshua Lewis
Sysinternals New Tool Sysmon (System Monitor) - Carlos Perez
Putting attackers in hi vis jackets with sysmon - Adrian Shaw
Sample sysmon events and the schema you can expect in Sysmon v6 - @williballenthin

Sysmon-DFIR

Sysmon-DFIR

MHaggis
M_Haggis

A curated and bespoke list of resources for learning about deploying, managing and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs and additional GitHub repositories.