In this video, Research Team Lead Carlos Perez goes over how to build a baseline for a system so it is easier to spot outliers in the Sysmon logs that point to C2 connections, lateral movement and data exfiltration.
Sysmon Modular:
https://github.com/olafhartong/sysmon-modular
Sysmon Community Guide:
https://github.com/trustedsec/SysmonCommunityGuide
PSGumshoe PowerShell Module:
https://www.powershellgallery.com/packages/PSGumshoe/
Sysmon Visual Studio Code Extension:
https://marketplace.visualstudio.com/items?itemName=DarkOperator.sysmon
Olaf Hartong's Sysmon Modular video:
https://www.youtube.com/watch?v=Cx_zrM8Hu7Y
00:00 Intro
01:58 Fields for the Event
03:12 Controlling Reverse DNS Lookup
04:00 Building a Baseline
10:14 Final Recommendations
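The baselining idea from the video, as an added PowerShell example that is not code from the video, from PSGumshoe or from Sysmon Modular: it reads Sysmon Event ID 3 (network connection) events from the local Sysmon operational log, learns which image talks to which destination IP and port, writes that as a baseline, and on later runs lists connections whose image/destination pair was never seen before. The field names (Image, User, DestinationIp, DestinationPort, DestinationHostname, Initiated) are Sysmon's own; the baseline file path, the 7-day learning window and the choice of key are assumptions made here, not recommendations from the video.

```powershell
# Added example (not from the video): baseline Sysmon Event ID 3 network connections
# and report image/destination pairs that are absent from the baseline.
# Assumes Sysmon is installed and configured to log NetworkConnect events.
# Baseline path and 7-day window are arbitrary choices for this example.
param(
    [string]$BaselinePath = "$env:ProgramData\sysmon-netconn-baseline.json",
    [int]$Days = 7,
    [switch]$Learn   # -Learn writes the baseline; without it, recent events are compared against it
)

# Baseline key: which binary talks to which IP on which port. The port is part of the key
# because a known host reached on an unusual port (SMB, WinRM, RDP) is itself an outlier.
# Assumption: IP-based keys are coarse and churn for CDN/cloud destinations; treat hits as leads.
function Get-BaselineKey($r) { '{0}|{1}|{2}' -f $r.Image, $r.DestinationIp, $r.DestinationPort }

# Pull Event ID 3 from the Sysmon log for the chosen window.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 3
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

# Flatten each event's EventData XML into an object keyed by Sysmon's field names.
$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time                = $e.TimeCreated
        Image               = $d['Image']
        User                = $d['User']
        DestinationIp       = $d['DestinationIp']
        DestinationPort     = $d['DestinationPort']
        # DestinationHostname comes from Sysmon's reverse DNS lookup and is empty when the
        # config sets <DnsLookup>False</DnsLookup>, so the key above does not rely on it.
        DestinationHostname = $d['DestinationHostname']
        Initiated           = $d['Initiated']   # 'true' for outbound, 'false' for accepted inbound
    }
}

if ($Learn) {
    $baseline = $rows | Group-Object { Get-BaselineKey $_ } | ForEach-Object {
        [pscustomobject]@{
            Key       = $_.Name
            Count     = $_.Count
            FirstSeen = ($_.Group | Sort-Object Time | Select-Object -First 1).Time
        }
    }
    $baseline | ConvertTo-Json | Set-Content -Path $BaselinePath
    'Baseline written: {0} distinct image/destination pairs from {1} events' -f @($baseline).Count, @($rows).Count
}
else {
    $known = @{}
    foreach ($b in (Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json)) { $known[$b.Key] = $b.Count }

    # Anything whose key is missing from the baseline is a candidate outlier; rarest first.
    $rows |
        Where-Object { -not $known.ContainsKey((Get-BaselineKey $_)) } |
        Group-Object { Get-BaselineKey $_ } |
        Sort-Object Count |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Image           = $first.Image
                User            = $first.User
                DestinationIp   = $first.DestinationIp
                DestinationPort = $first.DestinationPort
                Hostname        = $first.DestinationHostname
                Inbound         = ($first.Initiated -eq 'false')
                Hits            = $_.Count
            }
        } | Format-Table -AutoSize
}
```

Run it once with `-Learn` during a period believed to be clean, then run it without the switch (for example daily, with a shorter `-Days 1`) and review what it lists; inbound hits on administrative ports and outbound hits from binaries that normally have no network activity are the rows to look at first. Re-learn the baseline only after the new pairs have been reviewed, otherwise an attacker's traffic becomes part of "normal".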