Forum Discussion
mathurin68
Sep 13, 2021
Brass Contributor
Sysmon worth using in addition to Defender ATP?
I'm trying to get opinions if sysmon is worth using alongside Defender ATP? The logs would be going into Splunk, if that helps, but just in general. (Disclaimer: I have asked this in a couple...
simon_poortman
Sep 13, 2021
Copper Contributor
Active to defender
mathurin68
Sep 13, 2021
Brass Contributor
Hey Simon, thanks for the response but I don't understand.
SteBeSec
Sep 18, 2021
Iron Contributor
Hi,
I think this highly depends on your needs. I had some discussions with researchers and the conclusion was that Defender ATP (MDE) detects a lot of things that Sysmon does, but Sysmon can get even a bit more data and you are more flexible in distributing this data to your SIEM.
It highly depends on your needs and your environment.
mathurin68
Sep 20, 2021
Brass Contributor
Thanks, that's kind of how I feel about it.