In this video, Research Team Lead Carlos Perez goes over the general structure of the Sysmon configuration file. He covers the major elements: how to organize filters into rule groups, how to read the Sysmon schema in order to configure an event type, and the operators available for writing filter conditions.
00:00:00 Intro
00:00:44 Sysmon Root Element
00:02:00 Sysmon Configuration Elements
00:03:40 Event Filtering
00:04:41 Rule Group
00:06:33 Example Configs from SwiftOnSecurity and Olaf Hartong
00:10:21 Event Type Structure in the Schema
00:12:43 Sysmon Filter Operators
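The elements the chapters walk through (the Sysmon root element, the optional configuration elements, EventFiltering, RuleGroup, per-event-type filters and the filter operators) fit together as shown in this added example. It is not a configuration from the video or from the SwiftOnSecurity or Olaf Hartong repositories; the rule names, paths and values are illustrative, and the schemaversion is assumed to be 4.50 and must match the schema of the installed binary (print it with `Sysmon64.exe -s`).

```xml
<!-- Added example config; schemaversion is an assumption, check it against `Sysmon64.exe -s` -->
<Sysmon schemaversion="4.50">

  <!-- Configuration elements: global options that are not filters -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <DnsLookup>False</DnsLookup>

  <EventFiltering>

    <!-- A RuleGroup wraps filters for one event type. groupRelation decides how
         the filters directly under the event type element are combined:
         "or" means any single match selects the event. -->
    <RuleGroup name="ProcessCreate include" groupRelation="or">
      <!-- onmatch="include": only events matching a filter are logged -->
      <ProcessCreate onmatch="include">
        <!-- "end with" operator; the name attribute surfaces as RuleName in the event -->
        <Image condition="end with" name="PowerShell started">powershell.exe</Image>
        <!-- "image" operator matches on the file name alone, without the path -->
        <ParentImage condition="image" name="Child of Word">winword.exe</ParentImage>
        <!-- "contains any" takes a semicolon separated list -->
        <CommandLine condition="contains any" name="Encoded or hidden">-enc;-w hidden</CommandLine>

        <!-- A nested Rule element combines several filters with its own
             groupRelation; here both conditions must hold for a match -->
        <Rule groupRelation="and" name="rundll32 running script">
          <Image condition="end with">rundll32.exe</Image>
          <CommandLine condition="contains any">javascript:;vbscript:</CommandLine>
        </Rule>
      </ProcessCreate>
    </RuleGroup>

    <!-- Exclude rule set for a different event type: matching events are dropped,
         everything else is logged -->
    <RuleGroup name="NetworkConnect exclude" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
        <DestinationPort condition="is">53</DestinationPort>
        <Image condition="begin with">C:\Program Files\Windows Defender\</Image>
      </NetworkConnect>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Install it with `Sysmon64.exe -accepteula -i config.xml` and push later revisions with `Sysmon64.exe -c config.xml`. The element names under ProcessCreate and NetworkConnect are not arbitrary: they must be field names that the schema dump lists for that event type, and the condition values must be one of the operators the schema defines (for example is, is not, contains, contains any, excludes, begin with, end with, less than, more than, image). An event type with no include filter set at all is logged in full, so every type you do not want should get at least an empty `onmatch="include"` block.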