Improving your detection with Sysmon, Sigma & ELK

Before Starting

Benefits of SIGMA

Sysmon primer

Logzio (Hosted ELK to make life easy)

Logz.io homepage
Instructions to install Sysmon logging to Logz.io

Generating data to write rules from

# Download and run the Atomic Red Team installer, then fetch the atomics (the test definitions) with -getAtomics
IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
Install-AtomicRedTeam -getAtomics

Writing the rules

# [TacticNumber] is the ATT&CK technique ID of the atomic you want to inspect; -ShowDetailsBrief lists its tests without executing them
Invoke-AtomicTest [TacticNumber] -ShowDetailsBrief

Twitter: @mikecybersec
