We will now download Sysmon on both our Windows Workstation VM and our Windows Server 2022 VM (Active Directory). Sysmon provides cybersecurity analysts with detailed system logs, which allow us to detect suspicious behavior, malware execution, or persistence techniques. Sysmon on the Windows Workstation will allow us to monitor endpoint activity, including process creation, network connections, and file modifications. Sysmon on Windows Server 2022 will allow us to detect suspicious activities, privilege escalation, lateral movement, and unauthorized access attempts.
In the Windows Workstation VM download the Sysmon zip.
After extracting the zip file, open PowerShell and change into the extracted folder. Make sure you copy your sysmonconfig.xml file into that folder, since the installer needs a configuration file to decide which events to record.
Use `.\sysmon64.exe -accepteula -i YOURFILE.xml` (with YOURFILE.xml replaced by the name of your configuration file) to install Sysmon.
Now perform the same steps on the Windows Server 2022 VM.
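The whole procedure above (download, extract, install with a config, verify) as a single script, added here as an example and not part of the original post. It assumes an elevated PowerShell session, a working directory of C:\Tools\Sysmon, and that you have already placed your configuration file there as sysmonconfig.xml; the download URL is the Sysinternals archive, and the service name Sysmon64 and the Microsoft-Windows-Sysmon/Operational log are what the 64-bit installer creates. Run it once on each VM.

```powershell
# Added example (not from the original post): download, install and verify Sysmon on one VM.
# Assumptions: run from an elevated PowerShell session; working directory C:\Tools\Sysmon;
# the admin has already copied sysmonconfig.xml into that directory.
$ErrorActionPreference = 'Stop'
$SysmonDir  = 'C:\Tools\Sysmon'
$ZipPath    = Join-Path $SysmonDir 'Sysmon.zip'
$ConfigPath = Join-Path $SysmonDir 'sysmonconfig.xml'
$SysmonExe  = Join-Path $SysmonDir 'Sysmon64.exe'

New-Item -ItemType Directory -Path $SysmonDir -Force | Out-Null

# Download the Sysinternals archive and extract it next to the config file.
Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/Sysmon.zip' -OutFile $ZipPath
Expand-Archive -Path $ZipPath -DestinationPath $SysmonDir -Force

# Sysmon installs a kernel driver, so check the Authenticode signature before running it.
$sig = Get-AuthenticodeSignature -FilePath $SysmonExe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    throw "Sysmon64.exe signature check failed: $($sig.Status)"
}

if (-not (Test-Path $ConfigPath)) {
    throw "Config file not found at $ConfigPath; copy sysmonconfig.xml there first."
}

# First run: install with the config (-i). Later runs: just push an updated config (-c).
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $SysmonExe -c $ConfigPath
} else {
    & $SysmonExe -accepteula -i $ConfigPath
}

# Verify the service is running and that events are already landing in the Sysmon log.
Get-Service -Name 'Sysmon64' | Select-Object Name, Status
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, @{ n = 'Event'; e = { $_.Message.Split("`n")[0] } }
```

The final Get-WinEvent call is the check worth keeping: if it returns nothing a minute after install, the config is probably filtering everything out, and Event ID 1 (process creation) entries are the quickest sign that the workstation and server are actually reporting.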