Loading…
Attending this event?
← Back to schedule
Enrich your Windows 11 MDE advanced hunting data with Sysmon
Thursday September 19, 2024 15:20 - 16:20 CEST
Clubraum 2
Defender for Endpoint is a superb data source for custom detections and the data can even be used to troubleshoot IT operations.
But as most of you are aware, MDE is also notoriously known for dedeplucating data and the dataset collected is defined by Microsoft.

If you want more flexibility Sysmon is an amazing data source for additional information and with the new Azure Monitor agent on Windows client devices the data ingestion into Microsoft Sentinel (Log Analytics) is easier than ever.

At the end of the session you will know how to implement the proposed solution, where you will find configurations to get started and what are the pitfalls in the current version.
Speakers
avatar for Fabian Bader

Fabian Bader

Cyber Security Architect, glueckkanja AG
Fabian Bader is a Cyber Security Architect and Microsoft MVP from Germany. He focuses on security and cloud solutions and works mainly with Microsoft technologies.From Azure cloud to on-premises Active Directory, he likes to automate stuff with PowerShell.Besides being a speaker at... Read More →
Enrich your Windows 11 MDE advanced hunting data with Sysmon pdf
Thursday September 19, 2024 15:20 - 16:20 CEST
Clubraum 2
  Security, Windows
Log in to leave feedback.

Attendees (33)


Log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link