Blueteaming

DeepBlueCLI

Splunk

Graylog


grep -C 5 -i lsass sysmon-data.json
grep -C 5 -i '"ppid": 3440' sysmon-data.json

Log, monitoring and reporting platform


sweetums

index=main santa

C:\Users\cbanas\Documents\Naughty_and_Nice_2019_draft.txt

index=main sourcetype=XmlWinEventLog:Microsoft-Windows-Sysmon/Operational powershell EventCode=3


144.202.46.214.vultr.com