Understanding Sysmon & Threat Hunting with A Cybersecurity Specialist & Incident Detection Engineer

This is a discussion with Amanda Berlin, Lead Incident Detection Engineer at Blumira. The conversation focuses on using Sysmon for threat hunting and for testing detections. Amanda, a seasoned cybersecurity professional, shares her expertise in detecting malicious behavior in the wild through practical examples. The discussion covers anomaly detection, the tools she uses (links are provided in the video description), and the importance of understanding threat detection in a real-world context.

Links mentioned in the video

Sending Windows Event Logs to Graylog With NXLOG

Connecting With Us
---------------------------------------------------

Lawrence Systems Shirts and Swag
---------------------------------------------------

AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store

UniFi Affiliate Link

All Of Our Affiliates that help us out and can get you discounts!

Gear we use on Kit

Use OfferCode LTSERVICES to get 10% off your order at

Digital Ocean Offer Code

HostiFi UniFi Cloud Hosting Service

Protect your privacy with a VPN from Private Internet Access

Patreon

CHAPTERS:
0:00 - Introductions
5:19 - Cyber Threat Defense Strategies
7:38 - Understanding Sysmon Essentials
13:57 - Exploring Sysmon Advantages
15:29 - Standard Deviation Explained
18:41 - Adversary Emulation Techniques
24:00 - Sysmon Use Case: Scenario 1
30:47 - Sysmon Use Case: Scenario 2
36:43 - Sysmon Use Case: Scenario 3
44:06 - Exchange Server Compromise Case Study
52:53 - Enhancing Detection with Testing
55:30 - Insights from Incident Response
57:21 - Conclusion and Thanks
Comments

Thanks, Tom and Amanda! This was super useful and informative!

blindside
Super interesting stuff guys! Thanks!

edlippjr
Thanks, Tom and Amanda, for that interesting presentation. Great info. Brought back memories of sleepless nights from my previous job posting as a lone system administrator in a private medical clinic in Canada. It was a constant (losing) battle with the users (doctors) to improve security. Thankfully those scary days are years behind me now.

Any upcoming video to transfer sysmon logs into Graylog?

jeep_in_mb
How nice would it be if Microsoft included these utilities in a default install rather than the crap I have to spend an hour uninstalling! Great video thanks!

davidanderson
This is great. Made me want to check if Blumira is hiring.

LINO
Awesome talk! Thanks for the information. I would love to see a similar talk on Unix system security logging. Maybe even Sysmon for Linux.

arronjablonowski
Blumira is not available in my country and I'm extremely sad about it, because it looks great.

GordonSquared
Great content, thanks.
Is it beneficial to implement Sysmon in conjunction with CrowdStrike EDR?
What benefits does Sysmon provide that CrowdStrike doesn't?

kasta
So I've used Sysmon for brief debugging, but how do you tack it up to log app network connections 24/7? There goes my weekend...

clickallnight