How to get started with Microsoft Sysinternals’ Sysmon advanced event logging


Microsoft Sysinternals’ Sysmon is a free tool that provides greatly enhanced logging of system activity to enrich threat hunting, digital forensics, incident response, and an organization’s security posture. In this edition of #techtalktuesday, we overview Sysmon fundamentals, cover how to get started with Sysmon, what the default configuration looks like, and the basics of writing Sysmon rules tailored to your environment.

