The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.