A curated list of resources for learning about deploying, managing and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs and additional github repositories.
This config will bring you up to speed on critical process monitoring, network utilization, and so on. Note that the idea is not to log everything, but only the most important items.
Solid, detailed config; probably one of the most complete ones available.
Basic config that monitors critical Windows process execution. Very simple, but a good config for getting used to Sysmon and how it operates.
Config and PDF published by the Crypsis Group. Fairly detailed list of excludes that should help you understand how exclude rules work and get a configuration started.
Great configuration for understanding exclude rules and `contains` conditions.
Solid blog post on getting started with Sysmon. The config is nicely laid out and easy to understand.
The config is narrow in scope, but it provides a good foundation for capturing a lot of specific data.
(Comments translated to English)
Provided by https://github.com/VVard0g - Roberto Rodriguez
Related material from the "Splunking the Endpoint" .conf talk by James Brodsky and Dimitri McKay.
Configs are optimized for Splunk.
Configs are updated frequently:
Server Config: https://gist.github.com/Neo23x0/a4b4af9481e01e749409
Client config: https://gist.github.com/Neo23x0/f56bea38d95040b70cf5