Threat hunting using Microsoft's Sysmon results

Microsoft and Google are introducing Sysmon to VirusTotal results (behavior).

Read what Splunk (re)searchers have to say on the subject:
https://www.splunk.com/en_us/blog/security/a-salacious-soliloquy-on-sysmon.html

Their browser extension: https://chrome.google.com/webstore/detail/search-splunk/pfiabanojfbjbliahckgpmeemefdiael

polonus

More here: https://www.microsoft.com/security/blog/2021/10/20/new-microsoft-sysmon-report-in-virustotal-improves-security/

That certainly adds value to VirusTotal, especially if it is also passed to the vendors who participate in VirusTotal.

Now, if only the data captured by Sysmon could be used to close down the sites used by malicious files, or even to prosecute the owners linked to the site(s) used for malicious purposes.

Hi DavidR,

This may improve security, but it does not protect against a rootkit infection of sorts.

polonus

I'm thinking more about the intelligence that can be gathered, rather than just the on-demand-style scan of VT, which currently only gives the malware name.