Running the Sysmon Powershell Attack scenario in the QRadar Experience Center App

Question & Answer

Question

Sysmon stands for System Monitor. It is a Windows service that monitors and logs system activity, such as the creation of new processes, network connections, and changes to the Windows registry. By using IBM Security QRadar to collect the events that Sysmon generates and then analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. In this Powershell attack scenario, a user in your network opens a file that runs a Powershell command, which installs a piece of malware. The malware then steals users' credentials, which allow it to move laterally to other endpoints in your network, infecting them and starting the process over again.

Duration: 8 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy

Answer

The Security Learning Academy is a full service learning platform, providing various training objects and instruction options.

Related Information

Click here to view this course on the IBM Security Learning Academy

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version","Edition":" ","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Running the Sysmon Powershell Attack scenario in the QRadar Experience Center App

Question & Answer

Question

Answer

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?