Avast WEBforum

Other => Non-Avast security products => Topic started by: polonus on October 22, 2021, 12:16:25 PM

Title: Threat hunting using Microsoft's Sysmon results
Post by: polonus on October 22, 2021, 12:16:25 PM
Microsoft and Google are introducing Sysmon to VirusTotal results (behavior).

Read what Splunk (re)searchers have to say on the subject:
https://www.splunk.com/en_us/blog/security/a-salacious-soliloquy-on-sysmon.html

Their browser extension: https://chrome.google.com/webstore/detail/search-splunk/pfiabanojfbjbliahckgpmeemefdiael

polonus
Title: Re: Threat hunting using Microsoft's Sysmon results
Post by: Asyn on October 22, 2021, 02:08:40 PM
More here: https://www.microsoft.com/security/blog/2021/10/20/new-microsoft-sysmon-report-in-virustotal-improves-security/
Title: Re: Threat hunting using Microsoft's Sysmon results
Post by: DavidR on October 22, 2021, 05:26:28 PM
That certainly adds value to VirusTotal, especially if it is also passed to the vendors who participate in VirusTotal.

Now, if only the data captured by Sysmon could be used to close down the sites used by malicious files, or even to prosecute the owners linked to the site(s) used for malicious purposes.
Title: Re: Threat hunting using Microsoft's Sysmon results
Post by: polonus on October 22, 2021, 06:13:41 PM
Hi DavidR,

This may improve security, but it does not protect against a rootkit infection of sorts.

polonus
Title: Re: Threat hunting using Microsoft's Sysmon results
Post by: DavidR on October 22, 2021, 09:33:37 PM
> Hi DavidR,
>
> This may improve security, but it does not protect against a rootkit infection of sorts.
>
> polonus

I'm thinking more of the intelligence that can be gathered, rather than just the on-demand style scan of VT, which currently just gives a malware name.