Break things, write reports

Sysmon configuration

Seriously, just use the SwiftOnSecurity config - it's way better than what you're doing now.

Tags: sysmon, windows, eventlogs | Categories: incident response, logging, windows
Posted at — Jun 1, 2019

Tl;dr

Seriously, just use https://github.com/SwiftOnSecurity/sysmon-config

Less tl;dr