The Gravwell Sysmon kit provides a wide array of queries, dashboards, templates, and actionables to support monitoring and investigating Sysmon data. It helps you monitor the DNS, network, file, and registry activity provided by the Sysmon toolkit. It's an invaluable resource for day-to-day monitoring as well as for hunting misbehaving applications and malware.
Learn more about threat hunting with Sysmon and the Gravwell Sysmon kit in this blog series:
Announcing the Gravwell Sysmon Kit - https://www.gravwell.io/blog/announci...
Windows DNS Threat Hunting with Sysmon and Gravwell - https://www.gravwell.io/blog/windows-...
What's in a Sysmon Event?
Part 1 - https://www.gravwell.io/blog/sysmon-e...
Part 2 - https://www.gravwell.io/blog/sysmon-e...