Threat Hunting with ELK Workshop (InfoSecWorld 2017)
- Slides will be posted after the workshop
- https://technet.microsoft.com/en-us/sysinternals/sysmon
- https://www.rsaconference.com/events/us17/agenda/sessions/7516-How-to-Go-from-Responding-to-Hunting-with-Sysinternals-Sysmon
Sample data from: