Artwork

Clint Marsden에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Clint Marsden 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!

Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps

44:12
 
공유
 

Manage episode 468828442 series 3578563
Clint Marsden에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Clint Marsden 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Send us a text

This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response.

If you’re in security operations, digital forensics, or incident response, this episode will help you:

  • Deploy Sysmon efficiently.
  • Tune Sysmon logs for maximum insight while reducing noise.
  • Use Sysmon for investigations—from process creation tracking to network monitoring.
  • Understand real-world use cases of how Sysmon can catch adversaries in action.

Key Topics Covered:

  • Why Sysmon Matters – A deep dive into how Sysmon enhances Windows logging.
  • Common Mistakes & How to Avoid Them – Logging misconfigurations, tuning issues, and evidence handling best practices.
  • Step-by-Step Deployment Guide – From downloading Sysmon to configuring it for lean detections.
  • Tuning for Performance & Relevance – How to tweak Sysmon settings to avoid excessive log volume.
  • Investigating Security Events – Key Sysmon event IDs that provide forensic gold.
  • Real-World Use Cases – Examples of how Sysmon has caught attackers in action.
  • Sysmon Bypass Techniques – How adversaries evade detection and how to stay ahead.

Resources Mentioned:

  1. Sysmon DownloadMicrosoft Sysinternals
  2. Sysmon Configuration FilesOlaf Hartong’s Sysmon-Modular
  3. MITRE ATT&CK FrameworkMITRE ATT&CK
  4. ACSC Sysmon Config GuideACSC GitHub

Key Takeaways:

  • Sysmon provides deep system visibility – if tuned correctly.
  • Tuning is essential – Avoid log overload while keeping useful data.
  • Use a structured deployment process – From baselining performance to verifying logs.
  • Sysmon alone isn’t enough – It works best when combined with other detection tools.
  • Be aware of bypass techniques – Attackers can disable Sysmon, so defense in depth is key.

Join the AI Cyber Security Skool Group
Inside the group, you’ll learn how to defend against prompt injections, lock down API keys, and stop your automations from turning into costly incidents. It’s a space for cyber pros, engineers, and AI builders to share playbooks, tools, and real-world lessons on keeping AI secure.
https://www.skool.com/ai-automation-security-5754/about?ref=3e3ebf81027c4bceb6f7cbfdbabe22ea

  continue reading

25 에피소드

Artwork
icon공유
 
Manage episode 468828442 series 3578563
Clint Marsden에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Clint Marsden 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Send us a text

This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response.

If you’re in security operations, digital forensics, or incident response, this episode will help you:

  • Deploy Sysmon efficiently.
  • Tune Sysmon logs for maximum insight while reducing noise.
  • Use Sysmon for investigations—from process creation tracking to network monitoring.
  • Understand real-world use cases of how Sysmon can catch adversaries in action.

Key Topics Covered:

  • Why Sysmon Matters – A deep dive into how Sysmon enhances Windows logging.
  • Common Mistakes & How to Avoid Them – Logging misconfigurations, tuning issues, and evidence handling best practices.
  • Step-by-Step Deployment Guide – From downloading Sysmon to configuring it for lean detections.
  • Tuning for Performance & Relevance – How to tweak Sysmon settings to avoid excessive log volume.
  • Investigating Security Events – Key Sysmon event IDs that provide forensic gold.
  • Real-World Use Cases – Examples of how Sysmon has caught attackers in action.
  • Sysmon Bypass Techniques – How adversaries evade detection and how to stay ahead.

Resources Mentioned:

  1. Sysmon DownloadMicrosoft Sysinternals
  2. Sysmon Configuration FilesOlaf Hartong’s Sysmon-Modular
  3. MITRE ATT&CK FrameworkMITRE ATT&CK
  4. ACSC Sysmon Config GuideACSC GitHub

Key Takeaways:

  • Sysmon provides deep system visibility – if tuned correctly.
  • Tuning is essential – Avoid log overload while keeping useful data.
  • Use a structured deployment process – From baselining performance to verifying logs.
  • Sysmon alone isn’t enough – It works best when combined with other detection tools.
  • Be aware of bypass techniques – Attackers can disable Sysmon, so defense in depth is key.

Join the AI Cyber Security Skool Group
Inside the group, you’ll learn how to defend against prompt injections, lock down API keys, and stop your automations from turning into costly incidents. It’s a space for cyber pros, engineers, and AI builders to share playbooks, tools, and real-world lessons on keeping AI secure.
https://www.skool.com/ai-automation-security-5754/about?ref=3e3ebf81027c4bceb6f7cbfdbabe22ea

  continue reading

25 에피소드

모든 에피소드

×
 
Loading …

플레이어 FM에 오신것을 환영합니다!

플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.

 

빠른 참조 가이드

탐색하는 동안 이 프로그램을 들어보세요.
재생