Question & Answer
Question
Sysmon stands for System Monitor. It is a Windows service that monitors and logs system activity, such as the creation of new processes, network connections, and changes to the Windows registry. By using IBM Security QRadar to collect the events that Sysmon generates and then analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. In this PowerShell attack scenario, a user in your network opens a file that runs a PowerShell command, which installs a piece of malware. The malware then steals users' credentials, which allow it to move laterally to other endpoints in your network, infecting them and starting the process over again.
Duration: 8 Minutes
Follow the link in Related Information to view the course on the IBM Security Learning Academy.
Answer
The Security Learning Academy is a full-service learning platform, providing various training objects and instruction options.
Related Information
Document Information
Modified date:
07 July 2020
UID
ibm16100582