In this video we’ll be exploring the power of Sysmon to investigate malware and track the actions of an attacker. We’ll look at how to install it on a single machine and how to automate deployment via GPO. Finally, we discuss why it is worth taking the time to define an appropriate XML configuration file.
References:
Sysmon download link: docs.microsoft.com/en-us/sysi...
SwiftOnSecurity starter policy download link: github.com/SwiftOnSecurity/sy...
Previous video on configuring Winlogbeat: • Collecting & analysing...
Batch file to install/update Sysmon via GPO: github.com/rot169/AttackDetec...
Modular Sysmon by Olaf Hartong: github.com/olafhartong/sysmon...
Timecodes:
0:00 Introduction
1:23 Investigating an attack with Sysmon
6:21 Installing Sysmon manually
8:08 Automating Sysmon deployment via GPO
9:03 Sysmon configuration
Credits:
Intro/Outro Music: Render - Prism: • Render - Prism [Creati... (via Argofox: / argofox )
Diagram icons designed by OpenMoji (openmoji.org/) CC BY-SA 4.0