SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Ok, installed and ran sysmon ... Now what? #114

Open quantuumsnot opened 4 years ago

quantuumsnot commented 4 years ago

For the average user it's not clear enough from the Use section how to check the results of Sysmon in Event Viewer for possible malicious activity on the machine.

davebremer commented 4 years ago

Yes, analysis is hard and not for the "average user". Sysmon collects data. It does not analyse it. A SIEM is pretty much essential given the volume of events. It takes knowledge and experience that need to be developed in a person over time. An average user won't have much luck unless they work at developing those skills, but then that's not the average user.
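A concrete starting point for the "Now what?" question above, as an added example that is not code from this repository or from either commenter: it pulls the last 24 hours of events from the Sysmon operational log, counts them by event ID so you can see what the config is actually generating, and then flags one classic initial-access pattern (an Office application, script host or mshta spawning a shell or LOLBin) from Event ID 1 process creations. The log name and event ID meanings are Sysmon's own; the 24-hour window, the `ConvertTo-SysmonRecord` helper and the parent/child lists are assumptions chosen for illustration, not a complete detection ruleset. Run it from an elevated PowerShell session on a host where Sysmon is already installed.

```powershell
# Added example, not from the sysmon-config project. Assumes Sysmon is writing to
# its default operational log and that this runs elevated so the log is readable.
$LogName = 'Microsoft-Windows-Sysmon/Operational'
$Since   = (Get-Date).AddHours(-24)   # assumption: look at the last day only

# Human-readable names for the Sysmon event IDs most commonly seen in practice.
$EventNames = @{
    1  = 'ProcessCreate'
    3  = 'NetworkConnect'
    7  = 'ImageLoad'
    8  = 'CreateRemoteThread'
    11 = 'FileCreate'
    13 = 'RegistryValueSet'
    22 = 'DnsQuery'
}

# 1. What has Sysmon actually recorded? Count events by ID.
#    Get-WinEvent throws if the log has no matching events, which is itself a
#    useful signal that Sysmon is not logging.
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $Since } -ErrorAction Stop

$events |
    Group-Object Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            EventId = [int]$_.Name
            Name    = $EventNames[[int]$_.Name]
            Count   = $_.Count
        }
    } | Format-Table -AutoSize

# 2. Hypothetical helper: flatten the <EventData> section of a Sysmon event into an
#    object so fields (Image, ParentImage, CommandLine, User, ...) can be addressed by name.
function ConvertTo-SysmonRecord {
    param(
        [Parameter(ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventLogRecord] $Event
    )
    process {
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $data['EventId']     = $Event.Id
        $data['TimeCreated'] = $Event.TimeCreated
        [pscustomobject]$data
    }
}

# 3. Event ID 1 (process creation) where a document-handling or script-host parent
#    launches a shell or living-off-the-land binary. The two lists are illustrative
#    assumptions; extend them to match what is normal in your environment.
$suspiciousParents  = 'winword.exe','excel.exe','powerpnt.exe','outlook.exe',
                      'wscript.exe','cscript.exe','mshta.exe'
$suspiciousChildren = 'cmd.exe','powershell.exe','pwsh.exe','rundll32.exe',
                      'regsvr32.exe','certutil.exe','bitsadmin.exe'

$events |
    Where-Object Id -eq 1 |
    ConvertTo-SysmonRecord |
    Where-Object {
        $parent = [IO.Path]::GetFileName($_.ParentImage).ToLower()
        $child  = [IO.Path]::GetFileName($_.Image).ToLower()
        ($suspiciousParents -contains $parent) -and ($suspiciousChildren -contains $child)
    } |
    Select-Object TimeCreated, User, ParentImage, Image, CommandLine |
    Format-Table -Wrap
```

The first table tells you whether the configuration is producing the event types you expect (a host with no Event ID 3 or 22 entries, for instance, usually means the network rules never fired). The second query is a single hand-written rule; this is exactly the kind of logic a SIEM or detection engine applies across every host at scale, which is why the comment above points you there once you have more than one machine.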

quantuumsnot commented 4 years ago

Average user != beginner, which usually means a simple how-to will be sufficient.