IBM Support

Running the Sysmon PowerShell Attack scenario in the QRadar Experience Center App

Question & Answer


Question

Sysmon stands for System Monitor. It is a Windows service that monitors and logs system activity, such as the creation of new processes, network connections, and changes to the Windows registry. By using IBM Security QRadar to collect the events that Sysmon generates and then analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. In this PowerShell attack scenario, a user in your network opens a file that runs a PowerShell command, which installs a piece of malware. The malware then steals users' credentials, which allow it to move laterally to other endpoints in your network, infecting them and starting the process over again.
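The scenario above is detected from exactly the Sysmon event types the paragraph lists: a process-creation event (Event ID 1) in which a document reader spawns PowerShell with switches that hide or obfuscate what it runs, followed by a network-connection event (Event ID 3) from that same process. The following Python is an added illustration of that detection logic and is not part of this IBM page, the Experience Center app, or QRadar itself. The sample events are constructed (including the TEST-NET address 203.0.113.10), and the lists of document-reader parents and suspicious switches are assumptions a practitioner would tune to their own environment; the Sysmon field names used (Image, ParentImage, CommandLine, ProcessGuid, User, DestinationIp, DestinationPort) are the ones Sysmon actually emits.

```python
"""Toy detector for the "document launches PowerShell" pattern in Sysmon events.

Added example, not IBM or QRadar code. Events are represented as dicts with
Sysmon's own field names; in practice they would come from the Sysmon event
log collected by the SIEM.
"""
from typing import Dict, Iterable, List

# Assumption: parent processes that should not normally launch a shell.
DOCUMENT_READERS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
}

# Assumption: PowerShell switches commonly used to hide or obfuscate a payload.
SUSPICIOUS_SWITCHES = ("-encodedcommand", "-enc", "-nop", "-w hidden", "-windowstyle hidden")

# Constructed sample events (not real logs). EventID 1 = process creation,
# EventID 3 = network connection. ProcessGuid ties the two together.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A"},
    {"EventID": 3, "ProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    # Benign admin script launched from the desktop: no reason to flag.
    {"EventID": 1, "ProcessGuid": "{B2}", "User": "CORP\\bob",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    # Not PowerShell at all.
    {"EventID": 1, "ProcessGuid": "{C3}", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def process_creation_reasons(event: dict) -> List[str]:
    """Return the reasons an Event ID 1 record looks like the scenario (empty if none)."""
    reasons: List[str] = []
    if basename(event.get("Image", "")) not in {"powershell.exe", "pwsh.exe"}:
        return reasons
    if basename(event.get("ParentImage", "")) in DOCUMENT_READERS:
        reasons.append("document_reader_parent")
    cmd = event.get("CommandLine", "").lower()
    reasons.extend(f"switch:{s}" for s in SUSPICIOUS_SWITCHES if s in cmd)
    return reasons


def analyze(events: Iterable[dict]) -> Dict[str, dict]:
    """Flag suspicious PowerShell launches and attach later network connections.

    Returns a mapping ProcessGuid -> {"user", "reasons", "connections"} for
    flagged processes only. Events must be in time order, as Sysmon writes them.
    """
    flagged: Dict[str, dict] = {}
    for ev in events:
        guid = ev.get("ProcessGuid", "")
        if ev.get("EventID") == 1:
            reasons = process_creation_reasons(ev)
            if reasons:
                flagged[guid] = {"user": ev.get("User"), "reasons": reasons, "connections": []}
        elif ev.get("EventID") == 3 and guid in flagged:
            # A flagged shell reaching out to the network is the next step in the chain.
            flagged[guid]["connections"].append(f"{ev['DestinationIp']}:{ev['DestinationPort']}")
    return flagged


if __name__ == "__main__":
    for guid, info in analyze(SAMPLE_EVENTS).items():
        print(f"{guid} user={info['user']} reasons={info['reasons']} net={info['connections']}")
```

Only process {A1} is reported: its parent is a document reader, its command line carries the hidden-window and encoded-command switches, and the same ProcessGuid later opens an outbound connection. The benign script in {B2} shares the same image but none of the reasons, which is why the rule keys on parent and switches rather than on powershell.exe alone.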


Duration: 8 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy

Answer

The Security Learning Academy is a full-service learning platform, providing various training objects and instruction options.


Document Information

Modified date:
07 July 2020

UID

ibm16100582