I'm a beginner. I just started learning threat hunting and finished my first hands-on practice using Sysmon. I simulated basic PowerShell commands through CMD and manually analyzed the logs in Event Viewer to familiarize myself with Sysmon.
My next task after familiarizing myself with Sysmon is to use Splunk. Is this hands-on practice good?
Would love any advice from blue team pros. Thanks!
submitted by /u/Wise-Prune-8041