Splunkmon – Taking Sysmon to the Next Level
Many organizations are targeted by threat actors whose mission is to steal intellectual property, personally identifiable information (PII), payment card (PCI) data, or other proprietary information. Once attackers have a particular target in their sights, they more often than not succeed in breaching that organization’s network. Once they are in, the countdown to mission completion begins. Will the threat actor meet their end objective, or will the organization’s blue team identify, contain, and eradicate the threat in time?
Unfortunately, threat actors often fly under the blue team’s radar as they pillage the targeted network. In many cases they are not detected until months after they complete their mission, and sometimes they are never detected at all.
During this webinar, The Crypsis Group’s Alec Randazzo, James Espinosa, and Thomas Aneiro will discuss ways to detect and hunt for active threat actors by pairing the free Sysinternals utility Sysmon with Splunk. The session will:
- Discuss common attacker tactics that blue teams can use as the basis for hunting and for creating alerts.
- Demonstrate how to pair Sysinternals Sysmon with Splunk to detect these common actions in near real time.
- Provide a base set of signatures for Sysmon data in Splunk that can be used to detect common actions performed by threat actors.