Detection Engineering
Sysmon Configuration for Threat Detection
A practical Sysmon configuration for threat detection — the event IDs that matter, a tuned config approach, what to send to your SIEM, and the rules it powers.
2 articles
How to detect LSASS credential dumping — the Sysmon process-access signal, suspicious GrantedAccess masks, a Sigma rule, and the LSA protections that prevent it.