Introduction It’s already been six months since I started my journey as a Security Analyst (time flies!) so I thought I’d share some thoughts to help other aspiring SOC Analysts. I started with no professional IT experience, only a lifelong interest. My background was primarily in engineering. I prepared for an infosec role by doing CompTIA Security+ and Blue Team Level One certifications (review here), playing around on TryHackMe and with Security Onion, and generally learning as much as possible.
Introduction Helpful Links Install Upgrade Uninstall The Problem The Investigation The Solution Introduction If you’re on this page you probably don’t need me to explain much about what Sysmon is or why it is an excellent tool for security monitoring. In short: It’s part of Microsoft’s Sysinternals Suite So it should play nice with Windows It can monitor almost anything that happens on a Windows host So it can detect all the most common MITRE ATT&CKs It logs using Windows Event Logs So it’s easy to export to a SIEM etc for analysis However, if you’ve tried rolling Sysmon out to a large number of machines, and then removing or updating it, you may have experienced some issues.