
Sysmon Learning Resources
Tags: Threat Defense, Threat Management
A Curated and Bespoke List of Sysmon Learning Resources
This is a curated list of resources for learning how to deploy, manage, and hunt with Microsoft Sysmon. It covers presentations, deployment methods, configuration file examples, blogs, and related GitHub repositories. Most of the content can be browsed at https://mhaggis.github.io/sysmon-dfir/
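The three activities the list is organised around (deploy, manage, hunt) look like this in practice. The block below is an added example written for this page; it is not code from the sysmon-dfir list or from any project it links to. It assumes `Sysmon64.exe` has been downloaded into the current directory, uses a deliberately small illustrative configuration (real deployments start from one of the community configs the list points to), and assumes a `schemaversion` that matches the installed Sysmon build (`Sysmon64.exe -? config` prints the schema your binary supports).

```powershell
# Added example: deploy Sysmon with a config, update it in place, then hunt in its event log.
# Assumptions (not from the page): Sysmon64.exe is in the current directory, the service is
# installed under its default name "Sysmon64", and schemaversion 4.50 matches the binary.
#Requires -RunAsAdministrator

$SysmonExe  = Join-Path (Get-Location) 'Sysmon64.exe'
$ConfigPath = Join-Path (Get-Location) 'sysmon-config.xml'

# Constructed, minimal configuration: hash every image with SHA256, log all process creations
# except one noisy Windows binary, and log network connections from shells and script hosts.
@'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">powershell.exe</Image>
        <Image condition="end with">cmd.exe</Image>
        <Image condition="end with">wscript.exe</Image>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $ConfigPath -Encoding UTF8

if (-not (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue)) {
    # Deploy: accept the EULA and install the driver and service with this configuration.
    & $SysmonExe -accepteula -i $ConfigPath
} else {
    # Manage: the service is already present, so only reload the configuration.
    & $SysmonExe -c $ConfigPath
}

# Hunt: read Event ID 1 (ProcessCreate) from the Sysmon channel and return PowerShell
# launches that pass an encoded command, a common way to hide a script body from review.
function Find-EncodedPowerShell {
    param([datetime]$Since = (Get-Date).AddHours(-24))

    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1
        StartTime = $Since
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Sysmon stores its fields as <Data Name="...">value</Data>; flatten them to a hashtable.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data.Image -notmatch '(?i)\\(powershell|pwsh)\.exe$') { return }

        # powershell.exe accepts any prefix of -EncodedCommand (-e, -en, -enc, ...) and the
        # documented alias -ec, so test each token as a prefix rather than matching one spelling.
        $encoded = ($data.CommandLine -split '\s+') | Where-Object {
            $t = $_.ToLower()
            $t -eq '-ec' -or ($t.Length -ge 2 -and '-encodedcommand'.StartsWith($t))
        }
        if (-not $encoded) { return }

        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $data.User
            Parent      = $data.ParentImage
            CommandLine = $data.CommandLine
            Hashes      = $data.Hashes
        }
    }
}

Find-EncodedPowerShell | Format-Table -AutoSize
```

The install/update split matters operationally: `-i` loads the driver and creates the service, while `-c` replaces the configuration on a host that already runs Sysmon, so the same script can be rolled out to a mixed fleet. The hunt deliberately parses the event XML instead of scraping the rendered message text, because field names are stable across Sysmon versions while the message template is not.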
**General Community Guide**
- **TrustedSec**
Sysinternals Sysmon Community Guide.
**Utilities**
- **SysmonHunter**
An easy-to-use ATT&CK-based Sysmon hunting tool.
- **SysmonX**
An augmented drop-in replacement for Sysmon.
- **SysmonTools** (Nader Shalabi)
A tool to parse Sysmon logs.
- **Sysmon Config Bypass Finder** (Matt Churchill, CrowdStrike)
Finds ways to evade the filters in a given Sysmon configuration, so you can spot overly broad exclusions before an attacker does.
- **SysmonConfigPusher** (@MartinKorman)
Pushes a Sysmon configuration to remote hosts.
**Presentations**
- **Tom Ueltschi**
Presentations from 2018 on advanced incident detection and threat hunting using Sysmon (and Splunk).
- **Mark Russinovich**
How to go from responding to hunting with Sysinternals Sysmon.
- **Mark Russinovich**
Tracking hackers on your network with Sysinternals Sysmon.
- **Tom Ueltschi**
Advanced incident detection and threat hunting using Sysmon and Splunk (video).
- **Tom Ueltschi**
Advanced incident detection and threat hunting using Sysmon and Splunk (slides).
- **James Brodsky**
Splunking the Endpoint.
- **James Brodsky**
Splunking the Endpoint: a hands-on session.