Using Sysmon to See What’s Happening on Endpoints

Sysmon v6.01 is out from Windows Sysinternals, and it’s better than ever. This free tool runs in the background of your machine and provides efficient, powerful tracking of key security activity data that you can use to catch threat actors.

In this on-demand webcast, Jake Reynolds, technical alliances engineer, joins Randy Franklin Smith, Windows Security subject matter expert, to discuss how Sysmon works and how to set it up to properly generate insightful information. Together they also demonstrate how LogRhythm’s analytics capabilities can help you detect threats by correlating Sysmon logs with other logs from your IT environment.

You’ll learn:

  • Advantages of Sysmon over Windows Security Logs
  • How Sysmon works
  • How to configure Sysmon to work with LogRhythm
  • How to detect threats with LogRhythm’s threat detection modules using Sysmon logs

Watch now to learn how to use Sysmon events and LogRhythm to detect malicious activity on your endpoints.