Sysmon

Sysmon - Utilize Sysmon to monitor and log your endpoints and environments

Addons

• Splunk Add-on for Sysmon

• Splunk Add-on for Sysmon for Linux

Resources

• Download Sysmon

• Sysmon configuration file template

• A Sysmon Event ID Breakdown

• Configure your Microsoft Sysmon deployment to collect data

• Sysmon for Linux

• Splunking with Sysmon Series Part 1: The Setup

• Splunking with Sysmon Series Part 2: Tuning

• Splunking with Sysmon Part 3: Detecting PsExec in your Environment

• Splunking with Sysmon Part 4: Detecting Trickbot

• Sysmon Installation on Windows Server 2022

• Sysmon - DFIR

• Complete Installation, Configuration, and Log Management of Sysinternals Tools and Sysmon for Your Cybersecurity Home Lab