Tag: Sysmon

Deploy Sysmon and collect additional data with Sentinel and the AMA agent

System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. Sysmon…

Jeffrey, January 26, 2023 2 10 min read

Security

Use Sysmon for monitoring servers with Microsoft Sentinel

System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. What…

Jeffrey, July 27, 2021 0 6 min read

Recent Posts

Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR

AI workload threat protection in Microsoft Defender for Cloud

Configure automatic Attack Disruption in Microsoft Defender XDR

How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow

Common mistakes during Microsoft Defender for Endpoint deployments

How to check for OAuth apps with specific Graph permissions assigned

AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)

Tag: Sysmon

Deploy Sysmon and collect additional data with Sentinel and the AMA agent

Use Sysmon for monitoring servers with Microsoft Sentinel

Microsoft MVP

MDE blog series

Supporting this blog

Latest topics

Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR

AI workload threat protection in Microsoft Defender for Cloud

Configure automatic Attack Disruption in Microsoft Defender XDR

How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow

Common mistakes during Microsoft Defender for Endpoint deployments

How to check for OAuth apps with specific Graph permissions assigned

Social Media

Trending Slider

Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR

AI workload threat protection in Microsoft Defender for Cloud

Configure automatic Attack Disruption in Microsoft Defender XDR

How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow

Common mistakes during Microsoft Defender for Endpoint deployments

How to check for OAuth apps with specific Graph permissions assigned

Today's pick

Latest

Popular

Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR

AI workload threat protection in Microsoft Defender for Cloud

Configure automatic Attack Disruption in Microsoft Defender XDR

How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow

Fast response with Azure AD Continuous Access Evaluation (CAE) and Conditional Access

Downloads blokkeren via Conditional Access App Control vanuit Microsoft Endpoint Manager

Android Enterprise fully managed beschikbaar in Microsoft Intune voor zakelijke omgevingen

Android Enterprise via Microsoft Endpoint Manager als vervanger van Android device administrator