How to Write Sysmon Rules: Getting Fancy(Bear) With Sysmon to Find APT Level Cyber Security Threats
Description
Last week we explored how to get started with Sysmon to strengthen your cybersecurity defenses. This week we dive deeper into Sysmon rules and explore how we can use Sysmon to find FancyBear (APT28) during your threat hunting, digital forensics, and incident response engagements.