All news with #sysmon tag

Tue, November 18, 2025

Microsoft to Natively Integrate Sysmon in Windows 11

🛡️ Microsoft will integrate Sysmon natively into Windows 11 and Windows Server 2025, removing the need to deploy the standalone Sysinternals tool. The built-in functionality preserves Sysmon’s capabilities, including support for custom configuration files and advanced event filtering, and logs events to the Windows Event Log. Administrators can enable it via Optional Features or run sysmon -i (or sysmon -i <config>) to load a custom configuration, and updates will be delivered through Windows Update to simplify management and improve coverage in large environments.

Fri, January 10, 2025

Turning Threat Research into Practical VirusTotal Detections

🔎 Detection engineering guidance for researchers and defenders. This post shows how VirusTotal can be used to hunt for recent, sandboxed samples and derive behavioral Sigma rules by combining targeted VT queries, sandbox logs (CAPE/Zenbox), and manual analysis. Using Lummac and VenomRAT as examples, the team created experimental Sigma detections for process execution (more.com/vbc.exe) and for suspicious .conf file creation, to aid SOCs and hunting teams.
