2017-08-10

Hello colleagues, this is an example I promised answering this tweet. I used this sysmon config to capture activities happening on my system. Unfortunately it did not capture a lot of network-related activities, perhaps I need to change it to extend network-level filters. But on the other hand it captured a lot of process level activities, so in this example i’d like to try to graph process creation events.

Using graphs to analyze Windows Firewall logs

2017-08-08 PowerShell PSQuickGraph

Hello colleagues, lets talk about how we can use graphs to look inside of communications happening in our environments in an easy way. First of all we need to have some data to analyze. Lets gather some. It is pretty simple - just use this article and enable Windows Firewall Logging. I usually put the logs into a separate folder, just for easy access. Here is how it looks like on my system: Continue reading

Bilberry Hugo Theme

Modern IT Engineer

Use Powershell to analyze Sysmon events

Using graphs to analyze Windows Firewall logs