Testing Endpoint Detection - Windows

Tools used:

  • Security Onion -> Elastic stack as the SIEM.
  • Sysmon
  • Winlogbeat to ship the Sysmon logs

As we can see from the Log Count by Node panel, I can see the hostname of my client computer, which means that some logs are being shipped to Security Onion.

(image: /images/modern_cyber_range43.png)

Let's try out a couple of commands and see whether Sysmon is able to record them. The commands we will try are `ipconfig` and `tasklist /v`.

(image: /images/modern_cyber_range44.png)

(image: /images/modern_cyber_range45.jpg)
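The check this step performs by eye in the Security Onion dashboards can also be scripted. The following is an added example, not code from the original writeup or from Security Onion: it reads Winlogbeat-style NDJSON events, keeps only Sysmon Event ID 1 (process creation) from the Sysmon channel, and reports whether the expected test commands (`ipconfig` and `tasklist /v`) were recorded. The field layout (`winlog.channel`, `winlog.event_id`, `winlog.event_data.Image`, `winlog.event_data.CommandLine`) is assumed to follow Winlogbeat's output, and the sample events are constructed for the example.

```python
import json
from pathlib import PureWindowsPath

# Sysmon writes to this channel; Event ID 1 is "Process Create".
SYSMON_CHANNEL = "Microsoft-Windows-Sysmon/Operational"
PROCESS_CREATE = "1"

# Constructed sample of what Winlogbeat ships (one JSON event per line).
# Assumption: Winlogbeat places the channel, ID and Sysmon fields under "winlog".
# Events 3-5 are deliberate distractors: a Sysmon network event (ID 3),
# a Security-log 4688 from another channel, and a process we did not run.
SAMPLE_NDJSON = r"""
{"@timestamp":"2024-01-01T10:00:01.000Z","host":{"name":"WIN10-CLIENT"},"winlog":{"channel":"Microsoft-Windows-Sysmon/Operational","event_id":"1","event_data":{"Image":"C:\\Windows\\System32\\ipconfig.exe","CommandLine":"ipconfig","ParentImage":"C:\\Windows\\System32\\cmd.exe","User":"WIN10-CLIENT\\analyst"}}}
{"@timestamp":"2024-01-01T10:00:05.000Z","host":{"name":"WIN10-CLIENT"},"winlog":{"channel":"Microsoft-Windows-Sysmon/Operational","event_id":"1","event_data":{"Image":"C:\\Windows\\System32\\tasklist.exe","CommandLine":"tasklist /v","ParentImage":"C:\\Windows\\System32\\cmd.exe","User":"WIN10-CLIENT\\analyst"}}}
{"@timestamp":"2024-01-01T10:00:06.000Z","host":{"name":"WIN10-CLIENT"},"winlog":{"channel":"Microsoft-Windows-Sysmon/Operational","event_id":"3","event_data":{"Image":"C:\\Windows\\System32\\svchost.exe","DestinationIp":"10.0.0.5"}}}
{"@timestamp":"2024-01-01T10:00:07.000Z","host":{"name":"WIN10-CLIENT"},"winlog":{"channel":"Security","event_id":"4688","event_data":{"NewProcessName":"C:\\Windows\\System32\\ipconfig.exe"}}}
{"@timestamp":"2024-01-01T10:00:09.000Z","host":{"name":"WIN10-CLIENT"},"winlog":{"channel":"Microsoft-Windows-Sysmon/Operational","event_id":"1","event_data":{"Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe"}}}
"""


def parse_events(ndjson_text):
    """Parse NDJSON text into a list of event dicts, skipping blank lines."""
    events = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def process_creations(events, expected_images):
    """Map each expected executable name to the command lines Sysmon recorded.

    Only Sysmon Event ID 1 from the Sysmon channel is considered; the Image
    path is reduced to its basename and matched case-insensitively, so
    C:\\Windows\\System32\\IPCONFIG.EXE still matches "ipconfig.exe".
    """
    wanted = {name.lower() for name in expected_images}
    hits = {}
    for event in events:
        winlog = event.get("winlog", {})
        if winlog.get("channel") != SYSMON_CHANNEL:
            continue
        # Compare as a string: the ID may arrive as an int or a string
        # depending on the Winlogbeat version (assumption, hence the cast).
        if str(winlog.get("event_id")) != PROCESS_CREATE:
            continue
        data = winlog.get("event_data", {})
        image = data.get("Image")
        if not image:
            continue
        basename = PureWindowsPath(image).name.lower()
        if basename in wanted:
            hits.setdefault(basename, []).append(data.get("CommandLine", ""))
    return hits


def missing_commands(hits, expected_images):
    """List the expected executables for which no Sysmon process-create event was seen."""
    return sorted(name.lower() for name in expected_images if name.lower() not in hits)


if __name__ == "__main__":
    expected = ["ipconfig.exe", "tasklist.exe"]
    seen = process_creations(parse_events(SAMPLE_NDJSON), expected)
    for exe, cmdlines in seen.items():
        print(f"recorded {exe}: {cmdlines}")
    gap = missing_commands(seen, expected)
    print("missing:", gap or "none - Sysmon caught every test command")
```

Because the match is made on the Sysmon channel and Event ID 1 rather than on free text, a 4688 entry from the Security log or a Sysmon network event for the same executable does not count as proof that Sysmon's process-creation logging is working.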