Collect, Search, And Analyze Windows & Sysmon Events
In this webinar, we will cover
- A general overview of the common Sysmon Event IDs and how to interrogate the data with queries.
- Why you may want to set up a Sysmon configuration file that logs everything rather than a filtered subset, and how to tell when you are ready to make that substantial change.
- How to improve your search techniques, for example charting process creation grouped by EXE and Computer, or searching for a specific EXE.
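As an added example (not part of the webinar description, and not tied to whichever SIEM the webinar uses), the following PowerShell script does the two searches listed above directly against the Sysmon Operational log: it groups process-creation events (Sysmon Event ID 1) by executable and computer, or, when `-Image` is given, lists every creation of that one EXE. The `-ComputerName`, `-Hours` and `-Image` parameters, and the event IDs quoted in the comment, are the example's own assumptions; it requires Sysmon to be installed and read access to the Sysmon log.

```powershell
# Added example (not from the webinar): count Sysmon process-creation events
# (Event ID 1) per executable and computer, or list events for one executable.
# Assumes Sysmon is installed and the caller can read the Sysmon Operational log.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # local host by default; remote hosts work too
    [int]$Hours = 24,                           # look-back window
    [string]$Image                              # optional: e.g. 'powershell.exe' to search one EXE
)

# Commonly used Sysmon Event IDs (from the Sysmon documentation), for reference:
#  1 ProcessCreate   3 NetworkConnect   7 ImageLoad   8 CreateRemoteThread
# 10 ProcessAccess  11 FileCreate      12/13/14 Registry events   22 DNSEvent
$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-$Hours)
}

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
    ForEach-Object {
        # Sysmon stores its fields as <Data Name="...">value</Data> inside EventData;
        # pull them into a hashtable so we can address them by name.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Computer    = $_.MachineName
            Image       = $data['Image']        # full path of the created process
            CommandLine = $data['CommandLine']
            ParentImage = $data['ParentImage']
            User        = $data['User']
        }
    }

if ($Image) {
    # Search for a specific EXE: match on the file name only, case-insensitive,
    # so 'powershell.exe' finds it regardless of which directory it ran from.
    $events |
        Where-Object { [IO.Path]::GetFileName($_.Image) -ieq $Image } |
        Sort-Object TimeCreated |
        Format-Table TimeCreated, Computer, User, ParentImage, CommandLine -AutoSize -Wrap
} else {
    # Chart-style summary: process creations grouped by EXE + Computer,
    # most frequent first. Rare (Count = 1) pairs are usually the interesting ones.
    $events |
        Group-Object Image, Computer |
        Sort-Object Count -Descending |
        Select-Object Count,
                      @{ n = 'Image';    e = { $_.Group[0].Image } },
                      @{ n = 'Computer'; e = { $_.Group[0].Computer } } |
        Format-Table -AutoSize
}
```

Run it with no arguments for the grouped view, or `.\sysmon-proc.ps1 -Image powershell.exe -Hours 72` to pull every launch of one executable. Against a host running a log-everything configuration, narrow `$Hours` first: Event ID 1 alone can reach tens of thousands of records per day on a busy server, and pulling the whole log into memory with `Get-WinEvent` is exactly the cost a SIEM is meant to absorb for you.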