Thanks, Tom and Amanda! This was super useful and informative!

super interesting stuff guys! thanks!

Thanks Tom and Amanda for that Interesting Presentation. Great Info. Brought back memories of Sleepless nights from my previous Job Posting as a lone System Administrator in a private medical clinic in Canada. It was a constant (losing) battle with the users (Doctors) to improve security. Thankfully those scary days are years behind me now. Any upcoming video to transfer sysmon logs into Graylog?

@LAWRENCESYSTEMS

4 ай бұрын

As I said in the video, I have a video on how to do that linked in the description kzread.info/dash/bejne/k2eAxLOop5rPZLQ.html

How nice would it be if Microsoft included these utilities in a default install rather than the crap I have to spend an hour uninstalling! Great video thanks!

@MD-es3rv

4 ай бұрын

Most companies do not have storage requirements, system requirements etc to run sysmon by default this stuff would require planning, infrastructure etc. It would also require some sort of siem fowarder setup to ingest all that data recorded back into the siem. In other words, by default it would cause to much trouble. Corporate networks have all sorts of old tech, old OS's and legacy shit that shouldn't be there, but are bc well, they unfortunately need to be.

@davidanderson2436

4 ай бұрын

@@MD-es3rv Couldn't agree more - point was that a professional version of windows should have more utilities like these installed (by default - not necessarily running or configured - but at least available) rather than SnapChat, GameBox, Facebook, ChimClip, Spotify, Latest Office version - or whatever MS wants to shove down users throats at the time of install - they should save that for the Home version or not install it at all.

This is great. Made me want to check if Blumira is hiring.

Awesome talk! Thanks for the information. I would love to see a similar talk on Unix system security logging. Maybe even Sysmon for Linux.

@LAWRENCESYSTEMS

15 күн бұрын

Sysmon is needed for Windows because it does not have a good logging export system without it. Linux already has syslog and rsyslog to export to another server.

Really Helpful, Cheers...

So I've used sysmon for brief debugging, but how do you tack it up to log app network connections 24/7? There goes my weekend...

Thank you!

Great content, Thanks. Is it beneficial to implement Sysmon in conjunction with CrowdStrike EDR? What benefits does Sysmon provide that CrowdStrike doesn't?

@LAWRENCESYSTEMS

Ай бұрын

I don't get the question. Sysmon is for logging and Crowdstrike is an EDR.

@kasta851984

Ай бұрын

@@LAWRENCESYSTEMS Thank you for your reply. My question is: Is it worthwhile to implement Sysmon if we are already using Crowdstrike? I believe that Crowdstrike monitors everything that Sysmon does?

@LAWRENCESYSTEMS

Ай бұрын

@@kasta851984 I don't use Crowdstike so I don't know