Here is where you will find additional resources, samples and guidance to help with your security program.
Malware Archaeology maintains a long list of well-known malware analysis and APT reports with good artifacts and techniques that can be used to improve your program.
- Sample Sysmon "Config.xml" - Looking into Sysmon and want a pre-populated config file to reduce the noise? Start here and adjust to your needs.
- Malware Archaeology Cheat Sheets - Several cheat sheets to help in configuring and expanding the log and auditing of Windows.
3rd Party Add-Ons
Use these to help LOG-MD discover malicious things.
- Sysinternals Sysmon - Windows service that collects more data about what is happening on Windows-based systems
- RSA 2016 presentation on Sysmon by the author - Great presentation to understand what Sysmon can do for you
- Windows Logging Service (WLS) - Windows-based service and syslog replacement client that collects more data about what is happening on Windows-based systems
- Presentation by the WLS author - Great resource