Testing Endpoint Detection - Windows
Tools used:
- Security Onion, with its Elastic stack serving as the SIEM.
- Sysmon, for endpoint telemetry on the Windows client.
- Winlogbeat, to ship the Sysmon logs to Security Onion.
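For reference, a minimal `winlogbeat.yml` for the Sysmon-to-Security-Onion leg of this pipeline, added here as an example rather than the config used in this lab; the manager address and the Beats port (5044) are placeholders/assumptions, and TLS requirements depend on the Security Onion version:

```yaml
# winlogbeat.yml (added example, not this lab's own configuration)
winlogbeat.event_logs:
  # Sysmon writes to this channel; ship it in full.
  - name: Microsoft-Windows-Sysmon/Operational
    # On first start, skip a backlog older than three days (assumed value).
    ignore_older: 72h
  # Optionally ship the Security log too, for logon and audit events.
  - name: Security

# Placeholder: replace with the Security Onion manager's address. Port 5044
# is the usual Beats/Logstash port but is assumed here; confirm which port
# your Security Onion version listens on, whether it expects TLS, and that
# its host firewall allows this client.
output.logstash:
  hosts: ["SECURITY_ONION_IP:5044"]

# Enrich each event with host details so it can be filtered by hostname
# in Kibana (this is what makes the client show up under Log Count by Node).
processors:
  - add_host_metadata: ~
```

After starting the Winlogbeat service, check its log for successful connections to the output before looking for the host in Kibana.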
As the Log Count by Node panel shows, my client computer's hostname is listed, which means that logs are being shipped to Security Onion.
![](/images/modern_cyber_range42.jpg)
![/images/modern_cyber_range43.png](/images/modern_cyber_range43.png)
![/images/modern_cyber_range44.png](/images/modern_cyber_range44.png)
![/images/modern_cyber_range45.jpg](/images/modern_cyber_range45.jpg)