You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Splunkmon</strong> <strong>—</strong> <strong>Taking</strong> <strong>Sysmon</strong> <strong>to</strong> <strong>the</strong> <strong>Next</strong> <strong>Level</strong><br />
Contents<br />
Introdution. ................................................................... 3<br />
<strong>Sysmon</strong>. ...................................................................... 3<br />
<strong>Sysmon</strong> and Splunk. ........................................................... 6<br />
Threat Ac<strong>to</strong>r Activity Scenarios .................................................. 9<br />
Conclusions .................................................................. 25<br />
Appendix A: Splunk Searches. .................................................. 26<br />
ABOUT THE AUTHORS<br />
Alec Randazzo Alec Randazzo is a Principal Consultant in <strong>the</strong> Crypsis Group’s McLean, Virginia office. He has over<br />
four years of experience responding <strong>to</strong> data breaches on behalf of organizations across a variety of industries and<br />
ranging in size from small start-ups <strong>to</strong> Fortune 100 corporations.<br />
Thomas Aneiro has more than three years of experience working in information technology and security operations.<br />
He leverages his operational expertise <strong>to</strong> work with clients <strong>to</strong> maximize <strong>the</strong>ir Splunk® instances by evaluating what<br />
data is most value in <strong>the</strong>ir environment.<br />
James Espinosa is a Senior Consultant in <strong>the</strong> Crypsis Group’s Chicago office. Mr. Espinosa has over four years of<br />
experience working in security operations and responding <strong>to</strong> data breaches on behalf of organizations ranging from<br />
start-ups <strong>to</strong> Fortune 500 corporations.<br />
© The Crypsis Group www.crypsisgroup.com 2