We’re excited to share an in-depth discussion on Sysmon and threat hunting between Blumira’s Lead Incident Detection Engineer Amanda Berlin and security influencer Tom Lawrence.
Amanda presented to Tom’s audience on how Sysmon transforms an organization’s ability to detect threats by capturing detailed Windows event logs. She walked through real-world attack examples, explaining how certain malicious behaviors can slip past a SIEM that receives only the default Windows event logs but get flagged once Sysmon’s richer telemetry (process creation with full command lines, network connections, file creation, and registry changes) is collected and forwarded.
Tom and Amanda also dove into threat hunting tradecraft, such as anomaly detection and adversary emulation frameworks that replay known attacker techniques so detections can be validated against them. Amanda shared how Blumira uses these techniques to continuously improve detections mapped to the MITRE ATT&CK framework.
With Amanda’s insight into Blumira’s security research process and Tom’s perspective as an end user, this conversation offers valuable lessons for any IT team looking to enhance their security stack.
A few key takeaways:
We highly recommend checking out the full video above! Amanda and Tom covered a ton of ground, from specific techniques to high-level strategies for improving threat detection. It’s a great watch for insights on advanced logging, the MITRE ATT&CK framework, and key strategies for IT directors.