Sysmon Monitoring Different Way - Marek Mikita

BSides Vancouver · 10:30 · 106 views · Published 2021-06
About this talk
BSides Vancouver 2021. Why collect all the Sysmon logs and not look at them differently? I am working on a simple graphical visualization of Sysmon logs for quick threat hunting and problem solving. Attackers always come up with some bright idea, so why not look at Sysmon logs as graphs? I would like to release my small Docker project, which you can use to start looking for misbehavior on your systems. The graph shows connections between processes. There is also an option to see which DNS requests were made and which services were started or stopped. The interface provides a simple design for reviewing your graph in different views. There is an option to see all current processes on the graph, and the graph also provides details about individual processes such as PID, name, version, and date of execution when available.
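The abstract describes linking processes into a graph and attaching DNS requests to the process that issued them. The following Python is an added example written for this page, not code from the talk or the speaker's Docker project: it takes Sysmon Event ID 1 (process create) and Event ID 22 (DNS query) records, reduced to the fields the graph needs, builds a parent/child process graph keyed on ProcessGuid, and renders the tree with PID, version, start time and DNS queries per process so that an odd lineage (here, an Office process spawning a shell that resolves a name) is visible at a glance. The sample events and their GUIDs, paths and hostnames are constructed for the example.

```python
"""Build a process graph from Sysmon events (EID 1 ProcessCreate, EID 22 DnsQuery)
and render it as a tree for quick review. Added example; sample data is constructed."""
from collections import defaultdict
import ntpath

# Constructed Sysmon-style events, trimmed to the fields the graph uses.
# Field names follow Sysmon's event schema; values are invented for the example.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{g-1}", "ProcessId": 400, "Image": r"C:\Windows\explorer.exe",
     "ParentProcessGuid": "{g-0}", "UtcTime": "2021-06-01 10:00:00.000", "FileVersion": "10.0.19041.1"},
    {"EventID": 1, "ProcessGuid": "{g-2}", "ProcessId": 1200, "Image": r"C:\Program Files\Office\WINWORD.EXE",
     "ParentProcessGuid": "{g-1}", "UtcTime": "2021-06-01 10:01:00.000", "FileVersion": "16.0.1"},
    {"EventID": 1, "ProcessGuid": "{g-3}", "ProcessId": 1340,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessGuid": "{g-2}", "UtcTime": "2021-06-01 10:01:05.000", "FileVersion": "10.0.19041.1"},
    {"EventID": 22, "ProcessGuid": "{g-3}", "QueryName": "updates.example.invalid",
     "UtcTime": "2021-06-01 10:01:06.000"},
    {"EventID": 22, "ProcessGuid": "{g-1}", "QueryName": "www.example.invalid",
     "UtcTime": "2021-06-01 10:00:30.000"},
]


def build_graph(events):
    """Index processes by ProcessGuid, record parent->children edges and DNS queries per process."""
    graph = {"nodes": {}, "children": defaultdict(list), "dns": defaultdict(list)}
    for ev in events:
        if ev["EventID"] == 1:
            guid = ev["ProcessGuid"]
            graph["nodes"][guid] = {
                "pid": ev["ProcessId"],
                "image": ev["Image"],
                "name": ntpath.basename(ev["Image"]),
                "version": ev.get("FileVersion", "?"),
                "time": ev["UtcTime"],
                "parent": ev["ParentProcessGuid"],
            }
            graph["children"][ev["ParentProcessGuid"]].append(guid)
        elif ev["EventID"] == 22:
            # Sysmon ties the query to the issuing process via ProcessGuid, not PID (PIDs get reused).
            graph["dns"][ev["ProcessGuid"]].append(ev["QueryName"])
    return graph


def roots(graph):
    """Processes whose parent was never seen as an EID 1 event (e.g. started before Sysmon)."""
    return [g for g, n in graph["nodes"].items() if n["parent"] not in graph["nodes"]]


def ancestry(graph, guid):
    """Image names from the outermost known ancestor down to the given process."""
    chain = []
    while guid in graph["nodes"]:
        chain.append(graph["nodes"][guid]["name"])
        guid = graph["nodes"][guid]["parent"]
    return list(reversed(chain))


def dns_with_lineage(graph):
    """One (process chain, query name) pair per DNS query, sorted for stable review."""
    return sorted((" > ".join(ancestry(graph, guid)), q)
                  for guid, qs in graph["dns"].items() for q in qs)


def render_node(graph, guid, depth=0):
    """Text lines for one process, its DNS queries, and its subtree."""
    n = graph["nodes"][guid]
    pad = "  " * depth
    lines = [f"{pad}{n['name']} (pid {n['pid']}, v{n['version']}, started {n['time']})"]
    lines += [f"{pad}  dns -> {q}" for q in graph["dns"].get(guid, [])]
    for child in graph["children"].get(guid, []):
        lines += render_node(graph, child, depth + 1)
    return lines


def render(graph):
    """Whole forest as indented text, one tree per root process."""
    lines = []
    for root in roots(graph):
        lines += render_node(graph, root)
    return lines


if __name__ == "__main__":
    g = build_graph(SAMPLE_EVENTS)
    print("\n".join(render(g)))
    for chain, query in dns_with_lineage(g):
        print(f"{query:30} from {chain}")
```

Keying on ProcessGuid rather than PID matters: Sysmon's GUID is unique per process instance, so the graph stays correct across PID reuse and across a long retention window. In a real deployment the events would be parsed out of the Sysmon XML or a SIEM export rather than the constructed list above.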