Infosec quotes - start threat hunting

“...

Getting started with Threat Hunting:

1) Install Splunk

2) Sysmon all the endpoints using GPO

3) Send all logs to Splunk using Sysmon TA

4) Run saved queries :D

...”

https://twitter.com/vysecurity/status/993092569813979136?s=21