Level-up your host-based monitoring with Sysmon
Author: Attack Detect Defend (rot169)
Uploaded: 2021-10-11
Views: 6700
In this video we’ll be exploring the power of Sysmon to investigate malware and track the actions of an attacker. We’ll look at how to install it on a single machine and how to automate deployment via GPO. Finally, we discuss why it is worth taking the time to define an appropriate XML configuration file.
References:
Sysmon download link: https://docs.microsoft.com/en-us/sysi...
SwiftOnSecurity starter policy download link: https://github.com/SwiftOnSecurity/sy...
Previous video on configuring Winlogbeat: • Collecting & analysing Windows event logs ...
Batch file to install/update Sysmon via GPO: https://github.com/rot169/AttackDetec...
Modular Sysmon by Olaf Hartong: https://github.com/olafhartong/sysmon...
Timecodes:
0:00 Introduction
1:23 Investigating an attack with Sysmon
6:21 Installing Sysmon manually
8:08 Automating Sysmon deployment via GPO
9:03 Sysmon configuration
Credits:
Intro/Outro Music: Render - Prism [Creative Commons] (via Argofox)
Diagram icons designed by OpenMoji (https://openmoji.org/) CC BY-SA 4.0