Author Topic: Threat hunting using Microsoft's Sysmon results

Offline polonus

Threat hunting using Microsoft's Sysmon results
« on: October 22, 2021, 12:16:25 PM »
Microsoft and Google are introducing Sysmon to VirusTotal results (behavior).

Read what Splunk (re)searchers have to say on the subject:
https://www.splunk.com/en_us/blog/security/a-salacious-soliloquy-on-sysmon.html

Their browser extension: https://chrome.google.com/webstore/detail/search-splunk/pfiabanojfbjbliahckgpmeemefdiael

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Worth Knowing (Downloads, Guides & Info): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

Re: Threat hunting using Microsoft's Sysmon results
« Reply #2 on: October 22, 2021, 05:26:28 PM »
That certainly adds value to VirusTotal, especially if it is also passed to vendors who also participate in VirusTotal.

Now, if only that data captured by sysmon can be used to close down these sites used by malicious files. Or even prosecute the owners linked to the site/s used for malicious purposes.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: Threat hunting using Microsoft's Sysmon results
« Reply #3 on: October 22, 2021, 06:13:41 PM »
Hi DavidR,

This may improve security, but it does not protect against a rootkit infection of sorts.

polonus

Offline DavidR

Re: Threat hunting using Microsoft's Sysmon results
« Reply #4 on: October 22, 2021, 09:33:37 PM »
Quote from: polonus on October 22, 2021, 06:13:41 PM
    Hi DavidR,

    This may improve security, but it does not protect against a rootkit infection of sorts.

    polonus

I'm thinking more of the intelligence that can be gathered, rather than just the on-demand style scan of VT that currently just gives a malware name.