Resources

Welcome to my random collection of helpful tools and resources. Enjoy!

Telemetry, logging and EDR

  • Sysmon

    • Part of Microsoft’s Sysinternals suite and probably the best free tool you can use to improve visibility in your Windows environment. Did I mention it’s free? Sysmon does require some configuration, but there are good configs out there (see below).

    • Olaf Hartong’s Modular Sysmon Config is an incredible configuration that uses many different include/exclude conditions, as well as useful metadata for the events that get logged. Consider adopting it or using it as a helpful resource in developing your own config.

    • SwiftOnSecurity’s sysmon-config is a great base config to start out with. It has not been updated in quite some time, but it is a decent starting point if you are looking for something a little more basic.

    • One of my favorite resources for learning about Sysmon is the Sysmon Community Guide by TrustedSec.