Today I Learned about Auditpol, Sysmon, and Sysmon Configurations
What SimeonOnSecurity learned about and found interesting today
SimeonOnSecurity learned and discovered several interesting things today related to Windows security and event monitoring.
First, two new and updated repositories were identified. The Automate-Sysmon repository provides a solution for automating the installation, configuration, and management of Sysmon, a popular tool for monitoring and logging system activity on Windows systems. The Windows-Audit-Policy repository provides a solution for automating the configuration of Windows audit policies, which control the auditing of various security-related events on Windows systems.
SimeonOnSecurity also found several learning resources related to Windows security and event monitoring. The Getting Started With Sysmon article provides a comprehensive introduction to Sysmon, including its features, benefits, and how to use it effectively. The Malware Archaeology Cheat Sheets provide concise and actionable information on various topics related to malware analysis and threat hunting. The Microsoft Sysinternals - Sysmon documentation provides information on the features and usage of Sysmon. The sysmon-config repository provides a set of pre-configured Sysmon rules that can be used as a starting point for customizing Sysmon configuration.
Finally, SimeonOnSecurity found several resources related to the Windows audit policy command-line tool (auditpol). The auditpol backup, auditpol clear, auditpol list, and auditpol restore documents explain how to use these subcommands to manage the Windows audit policy, and the auditpol document gives a comprehensive overview of the tool and its capabilities. Lastly, the sysmon-modular repository provides a modular approach to configuring Sysmon, which can be useful for large organizations with complex security requirements.
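As an added example (not code from the Windows-Audit-Policy repository or the linked documents), the auditpol subcommands mentioned above fit together into a safe change workflow: snapshot the current policy with backup, review it with get, apply a setting, verify it, and keep the restore command at hand for rollback. It assumes an elevated PowerShell session; the backup directory is a placeholder.

```powershell
# Added example: back up the effective audit policy before changing it, so any
# change can be reverted with auditpol /restore. Run from an elevated session.
$BackupDir  = 'C:\AuditPolicyBackups'                 # assumed location
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$BackupFile = Join-Path $BackupDir "auditpol-$Stamp.csv"

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Snapshot the current policy; auditpol /backup writes a CSV that /restore accepts.
auditpol /backup "/file:$BackupFile"
if ($LASTEXITCODE -ne 0) { throw "auditpol /backup failed (exit $LASTEXITCODE)" }

# 2. Review what is currently audited. /r prints CSV, which PowerShell can parse.
$Before = auditpol /get /category:* /r | ConvertFrom-Csv
$Before |
    Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' } |
    Select-Object Subcategory, 'Inclusion Setting' |
    Format-Table -AutoSize

# 3. Apply one change: audit process creation (event 4688) for success and failure.
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed (exit $LASTEXITCODE)" }

# 4. Verify the setting took effect.
auditpol /get /subcategory:"Process Creation"

# Rollback: restore the snapshot taken in step 1.
#   auditpol /restore "/file:$BackupFile"
# Reset: clear the whole policy (/y suppresses the confirmation prompt).
#   auditpol /clear /y
```

Audit policy can also be set by Group Policy; a local change made this way is overwritten at the next policy refresh if the domain policy defines the same subcategory.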