Ok, installed and ran sysmon ... Now what?
quantuumsnot opened this issue
quantuumsnot commented
For the average user it's not clear enough from the Use section how to check the results of Sysmon in Event Viewer for possible malicious activity on the machine.
Dave Bremer commented
Yes, analysis is hard and not for the "average user". Sysmon collects data; it does not analyse. A SIEM is pretty much essential given the volume of events. It takes knowledge and experience that needs to be developed in a person over time. An average user won't have much luck unless they work at developing those skills, but then that's not the average user.
quantuumsnot commented
Average user != beginner, which usually means a simple how-to will be sufficient.