SysInternals Sysmon is a powerful tool, especially when it comes to anomaly detection. We know how to track processes with the standard Windows audit policy option "Audit process tracking", but Sysmon messages contain much more information to evaluate. By running Sysmon on many systems within the network and collecting all the logs in a central location, you get a database full of interesting attributes and metadata that can be statistically analyzed to identify anomalies. I recently developed a method to detect system file manipulations, which I would like to share with you.

Carlos Perez wrote a really good article on Sysmon, which you should check out if you are new to Sysmon and its capabilities.
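As an added illustration of the statistical approach described above (example code written for this page, not the author's method and not Sysmon's own tooling), the following Python groups centrally collected Sysmon process-creation records (Event ID 1) by image path and flags a System32 binary whose hash is seen on only one host while a different hash of the same file dominates the fleet. The field names Computer, Image and Hashes follow Sysmon's Event ID 1 schema; the sample records, host names and hash values are constructed, and the thresholds and the System32 prefix are assumptions to tune per environment.

```python
"""Baseline-vs-outlier check over centrally collected Sysmon Event ID 1 records.

A system binary (e.g. svchost.exe) should hash identically across hosts on the
same patch level. A hash seen on one host only, while another hash of the same
image is established on many hosts, is a candidate for a manipulated file.
Added example for this page; sample data below is constructed, not real telemetry.
"""
from collections import defaultdict

# Constructed sample: minimal Event ID 1 fields after central collection.
# Hash values are placeholders, not real SHA-256 digests.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=AAAA11"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=AAAA11"},
    {"Computer": "WS03", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=AAAA11"},
    {"Computer": "WS04", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=AAAA11"},
    {"Computer": "WS05", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=AAAA11"},
    # Same image, different hash, only one host: the outlier we want to surface.
    {"Computer": "WS06", "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "MD5=FF00,SHA256=BBBB22"},
    # Two patch levels of notepad.exe, three hosts each: a split, not an outlier.
    {"Computer": "WS01", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=CCCC33"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=CCCC33"},
    {"Computer": "WS03", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=CCCC33"},
    {"Computer": "WS04", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=DDDD44"},
    {"Computer": "WS05", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=DDDD44"},
    {"Computer": "WS06", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=DDDD44"},
    # Repeated starts on one host must not inflate the count: hosts are counted, not events.
    {"Computer": "WS06", "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=DDDD44"},
    # Outside the system directory: not in scope for this check.
    {"Computer": "WS06", "Image": r"C:\Users\alice\Downloads\tool.exe", "Hashes": "SHA256=EEEE55"},
]


def parse_hashes(hashes_field):
    """Sysmon writes Hashes as 'ALG=hex[,ALG=hex...]'; return {ALG: hex}."""
    result = {}
    for part in hashes_field.split(","):
        alg, sep, value = part.partition("=")
        if sep:
            result[alg.strip().upper()] = value.strip().lower()
    return result


def hosts_per_image_hash(events, system_prefix, alg):
    """Map image path -> hash -> set of hosts that executed that exact file."""
    table = defaultdict(lambda: defaultdict(set))
    for ev in events:
        image = ev["Image"].lower()
        if not image.startswith(system_prefix):
            continue
        digest = parse_hashes(ev["Hashes"]).get(alg)
        if digest:
            table[image][digest].add(ev["Computer"])
    return table


def find_outliers(events, system_prefix="c:\\windows\\system32\\", alg="SHA256",
                  min_baseline_hosts=3, max_outlier_hosts=1):
    """Return (image, rare_hash, sorted hosts, baseline_hash, baseline_host_count)
    for every system image whose dominant hash is established on at least
    min_baseline_hosts hosts while another hash appears on at most
    max_outlier_hosts hosts. The thresholds are assumptions to tune per fleet."""
    findings = []
    for image, by_hash in sorted(hosts_per_image_hash(events, system_prefix, alg).items()):
        # Most widespread hash first; ties broken by hash value for determinism.
        ranked = sorted(by_hash.items(), key=lambda kv: (-len(kv[1]), kv[0]))
        baseline_hash, baseline_hosts = ranked[0]
        if len(baseline_hosts) < min_baseline_hosts:
            continue  # no established baseline, nothing to compare against
        for digest, hosts in ranked[1:]:
            if len(hosts) <= max_outlier_hosts:
                findings.append((image, digest, sorted(hosts), baseline_hash, len(baseline_hosts)))
    return findings


if __name__ == "__main__":
    for image, digest, hosts, base, n in find_outliers(SAMPLE_EVENTS):
        print(f"{image}: hash {digest} on {hosts} differs from baseline {base} seen on {n} hosts")
```

Hosts on different OS builds or patch levels legitimately produce different hashes for the same binary, so in practice the comparison is done within one build group (Sysmon does not record the build, so join against an inventory source), and a hit is confirmed against the file's Authenticode signature before it is escalated.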