One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Got Sysmon? How to Deploy Sysmon and Collect the Logs in an Enterprise Environment

  • Thursday, April 09, 2020 at 10:30 AM EDT (2020-04-09 14:30:00 UTC)
  • Scott Lynch

You can now attend the webcast using your mobile device!

  

Overview

Having more data available before, during and after an attack is critical, having a good baseline is key. In this talk we will look at how to get this done, the various ways available to deploy Sysmon, and what we can do to ship those logs to your SIEM. Join this webcast to hear Scott Lynch discuss the different ways possible to get those ever important logs off your systems and into the SIEM, where analysis can be done and threat hunting can be taken to a whole new level!

Speaker Bio

Scott Lynch

Scott Lynch is a seasoned and passionate security engineer, manager, and all around tech geek. Scott got his start in computers when the Atari 400 was a thing. Before working full time in IT, Scott spent 10 years with the US Navy working in Electronic Warfare on a Nimitz class carrier seeing the world while protecting the fleet from threats during the post Cold War. When Scott left active duty he joined a P-3 squadron to enjoy the benefits of being an aviator while working full time at a Satellite Communications company based out of Philadelphia. Part of the lure of coming to Universal Space Network was the founder, Charles "Pete" Conrad, Apollo 12 Astronaut and third man to walk on the moon. The enticement of getting to continue to travel the world working at remote satellite ground stations whilst being a part of the space program marked the beginning of a 20-year career working in everything from ground station antennaes, satellite operations, to mission integration and launch support operations. This lead to working in IT security permamently over 10 years ago. Since coming on board at Universal Space Network, the company was acquired by its new patent Swedish Space Corporation where Scott spends his time working as the global Security Operations manager for a truly global satellite communications network. Scott manages the CSIRT team and SOC for SSC in support of our global customer base from NASA, ESA, DoD and beyond. Scott has also been a Cisco Instructor for over 10 years teaching the next generation of network engineers. When Scott is not traveling the world for SSC he loves to spend time with his family.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.