“...
Getting started with Threat Hunting:
1) Install Splunk
2) Sysmon all the endpoints using GPO
3) Send all logs to Splunk using Sysmon TA
4) Run saved queries :D
...”
https://twitter.com/vysecurity/status/993092569813979136?s=21
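Step 4 of the quoted tweet is where the actual hunting happens. One of the most common "saved queries" run over Sysmon data is a stack count of process lineage: count every (ParentImage, Image) pair from Event ID 1 and surface the rarest ones for an analyst to review. The script below is an added illustration, not code from the tweet or from Splunk; it implements that stacking logic in Python over constructed Sysmon-like records in the flattened field shape a Splunk add-on would index (the field names `EventCode`, `Computer`, `ParentImage` and `Image` are assumed; `ParentImage` and `Image` are Sysmon's own names). In SPL the equivalent search is roughly `EventCode=1 | stats count by ParentImage, Image | sort count`.

```python
import json
from collections import Counter

# Constructed sample of Sysmon Event ID 1 (process create) records as
# newline-delimited JSON. These are made-up events for this example, not
# data from any real host. EventCode 3 (network connect) is included to
# show that non-process-create events are skipped.
SAMPLE_LOG = "\n".join([
    '{"EventCode": 1, "Computer": "WS01", "ParentImage": "C:\\\\Windows\\\\System32\\\\services.exe", "Image": "C:\\\\Windows\\\\System32\\\\svchost.exe"}',
    '{"EventCode": 1, "Computer": "WS01", "ParentImage": "C:\\\\Windows\\\\System32\\\\services.exe", "Image": "C:\\\\Windows\\\\System32\\\\svchost.exe"}',
    '{"EventCode": 1, "Computer": "WS02", "ParentImage": "C:\\\\Windows\\\\System32\\\\services.exe", "Image": "C:\\\\Windows\\\\System32\\\\svchost.exe"}',
    '{"EventCode": 1, "Computer": "WS01", "ParentImage": "C:\\\\Windows\\\\explorer.exe", "Image": "C:\\\\Windows\\\\System32\\\\notepad.exe"}',
    '{"EventCode": 1, "Computer": "WS02", "ParentImage": "C:\\\\Windows\\\\explorer.exe", "Image": "C:\\\\Windows\\\\System32\\\\NOTEPAD.EXE"}',
    '{"EventCode": 1, "Computer": "WS01", "ParentImage": "C:\\\\Windows\\\\explorer.exe", "Image": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"}',
    '{"EventCode": 1, "Computer": "WS02", "ParentImage": "C:\\\\Windows\\\\explorer.exe", "Image": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe"}',
    '{"EventCode": 1, "Computer": "WS02", "ParentImage": "C:\\\\Windows\\\\explorer.exe", "Image": "C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\Temp\\\\updater.exe"}',
    '{"EventCode": 3, "Computer": "WS02", "Image": "C:\\\\Program Files\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe", "DestinationPort": 443}',
])


def load_events(text):
    """Parse newline-delimited JSON into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def parent_child_pairs(events):
    """Stack-count (ParentImage, Image) pairs over Event ID 1 records.

    Paths are lower-cased so that case differences in how Windows reports
    an image do not split one lineage into several buckets.
    """
    counts = Counter()
    for ev in events:
        if ev.get("EventCode") != 1:
            continue  # only process-create events carry a parent/child pair
        parent = ev.get("ParentImage", "").lower()
        child = ev.get("Image", "").lower()
        if parent and child:
            counts[(parent, child)] += 1
    return counts


def rare_pairs(events, max_count=1):
    """Return lineage pairs seen at most `max_count` times, rarest first.

    Rarity alone is not a verdict; it is the analyst's starting list for
    review, which is what a saved hunting search produces in practice.
    """
    counts = parent_child_pairs(events)
    rare = [(pair, n) for pair, n in counts.items() if n <= max_count]
    return sorted(rare, key=lambda item: (item[1], item[0]))


def hunt_report(text, max_count=1):
    """Run the whole 'saved query' over raw log text and return review rows."""
    events = load_events(text)
    return [
        {"parent": parent, "image": image, "count": n}
        for (parent, image), n in rare_pairs(events, max_count)
    ]


if __name__ == "__main__":
    for row in hunt_report(SAMPLE_LOG):
        print(f"{row['count']:>3}  {row['parent']}  ->  {row['image']}")
```

On the constructed sample the only pair seen once is `explorer.exe -> updater.exe` under a user's Temp folder, which is exactly the kind of row a hunter would pull out of a stack count for closer inspection, while the frequent `services.exe -> svchost.exe` and `explorer.exe -> chrome.exe` lineages are filtered out. Raising `max_count` widens the review list; on a real fleet the threshold is tuned to the number of hosts and the noise level of the environment.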