PDA Klubben

App and info

Sysmon - Windows Sysinternals | Microsoft Docs

windows-sysinternals-sysmon - Microsoft Q&A

PowerPoint Presentation (sector.ca)

A Sysmon Event ID Breakdown - Now with Event ID 25!! - Black Hills Information Security (blackhillsinfosec.com)

Better Windows Security Logging Using Sysmon – David's thoughts on Microsoft technologies (cloudyhappypeople.com)

 

Config

sysmon-config/sysmonconfig-export.xml at master · SwiftOnSecurity/sysmon-config · GitHub

GitHub - olafhartong/sysmon-modular: A repository of sysmon configuration modules

GitHub - trustedsec/SysmonCommunityGuide: TrustedSec Sysinternals Sysmon Community Guide

Posh-Sysmon Module for Creating Sysmon Configuration Files (darkoperator.com)

Process Security and Access Rights - Win32 apps | Microsoft Docs

 

Hunt

Sysinternals Sysmon suspicious activity guide | Microsoft Docs

Threat Hunting with Sysmon: Word Document with Macro - Syspanda


© 2025 PDA Klubben