Wednesday, April 1, 2015
Using Sysmon to increase Security Onion effectiveness
Paper author Josh Brower did a great job on this research project. From the paper's abstract, "With more network traffic being encrypted, as well as the persistence of advanced adversaries, it is becoming increasingly imperative that there is greater visibility at the host level. With this greater visibility comes the ability to more efficiently detect and respond to threats. This paper highlights the use of Sysmon to enrich existing Windows host visibility capabilities in Security Onion, as well as how to use this increased visibility in detection and incident response."