Thanks Tom and Amanda for that Interesting Presentation. Great Info. Brought back memories of Sleepless nights from my previous Job Posting as a lone System Administrator in a private medical clinic in Canada. It was a constant (losing) battle with the users (Doctors) to improve security. Thankfully those scary days are years behind me now. Any upcoming video to transfer sysmon logs into Graylog?
How nice would it be if Microsoft included these utilities in a default install rather than the crap I have to spend an hour uninstalling! Great video thanks!
Most companies do not have storage requirements, system requirements etc to run sysmon by default this stuff would require planning, infrastructure etc. It would also require some sort of siem fowarder setup to ingest all that data recorded back into the siem. In other words, by default it would cause to much trouble. Corporate networks have all sorts of old tech, old OS's and legacy shit that shouldn't be there, but are bc well, they unfortunately need to be.
@@collusion-d4n Couldn't agree more - point was that a professional version of windows should have more utilities like these installed (by default - not necessarily running or configured - but at least available) rather than SnapChat, GameBox, Facebook, ChimClip, Spotify, Latest Office version - or whatever MS wants to shove down users throats at the time of install - they should save that for the Home version or not install it at all.
Sysmon is needed for Windows because it does not have a good logging export system without it. Linux already has syslog and rsyslog to export to another server.
Great content, Thanks. Is it beneficial to implement Sysmon in conjunction with CrowdStrike EDR? What benefits does Sysmon provide that CrowdStrike doesn't?
@@LAWRENCESYSTEMS Thank you for your reply. My question is: Is it worthwhile to implement Sysmon if we are already using Crowdstrike? I believe that Crowdstrike monitors everything that Sysmon does?
Thanks, Tom and Amanda! This was super useful and informative!
super interesting stuff guys! thanks!
Thanks Tom and Amanda for that Interesting Presentation. Great Info. Brought back memories of Sleepless nights from my previous Job Posting as a lone System Administrator in a private medical clinic in Canada. It was a constant (losing) battle with the users (Doctors) to improve security. Thankfully those scary days are years behind me now.
Any upcoming video to transfer sysmon logs into Graylog?
As I said in the video, I have a video on how to do that linked in the description ruclips.net/video/a3LbQow7i4Q/видео.html
How nice would it be if Microsoft included these utilities in a default install rather than the crap I have to spend an hour uninstalling! Great video thanks!
Most companies do not have storage requirements, system requirements etc to run sysmon by default this stuff would require planning, infrastructure etc. It would also require some sort of siem fowarder setup to ingest all that data recorded back into the siem. In other words, by default it would cause to much trouble. Corporate networks have all sorts of old tech, old OS's and legacy shit that shouldn't be there, but are bc well, they unfortunately need to be.
@@collusion-d4n Couldn't agree more - point was that a professional version of windows should have more utilities like these installed (by default - not necessarily running or configured - but at least available) rather than SnapChat, GameBox, Facebook, ChimClip, Spotify, Latest Office version - or whatever MS wants to shove down users throats at the time of install - they should save that for the Home version or not install it at all.
This is great. Made me want to check if Blumira is hiring.
Awesome talk! Thanks for the information. I would love to see a similar talk on Unix system security logging. Maybe even Sysmon for Linux.
Sysmon is needed for Windows because it does not have a good logging export system without it. Linux already has syslog and rsyslog to export to another server.
Really Helpful, Cheers...
Thank you!
So I've used sysmon for brief debugging, but how do you tack it up to log app network connections 24/7? There goes my weekend...
Blumira is not available in my country and I'm extremely sad about it, because it looks great
Great content, Thanks.
Is it beneficial to implement Sysmon in conjunction with CrowdStrike EDR?
What benefits does Sysmon provide that CrowdStrike doesn't?
I don't get the question. Sysmon is for logging and Crowdstrike is an EDR.
@@LAWRENCESYSTEMS Thank you for your reply. My question is: Is it worthwhile to implement Sysmon if we are already using Crowdstrike? I believe that Crowdstrike monitors everything that Sysmon does?
@@kasta851984 I don't use Crowdstike so I don't know