Forum Discussion
mathurin68
Sep 13, 2021, Brass Contributor
Sysmon worth using in addition to Defender ATP?
I'm trying to get opinions on whether Sysmon is worth using alongside Defender ATP. The logs would be going into Splunk, if that helps, but just in general. (Disclaimer: I have asked this in a couple...
GuyThreep
Sep 22, 2021, Copper Contributor
We do exactly this. There's certainly going to be significant overlap, but having a configuration that is able to be tuned to your needs (Sysmon) is incredibly useful. We've been doing testing of different attacker techniques, and there are things you can log via Sysmon that won't show up in the ATP timeline (e.g. named pipes). Aside from that, there's always the advantage of being able to access the data from a common interface with your other logs when sending to your SIEM.
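As an added illustration of the tuning the reply refers to (this is example configuration, not something posted in the thread or shipped by Microsoft): a minimal Sysmon configuration that turns on named-pipe logging, which a Sysmon install without a configuration file does not record. Pipe creation is Event ID 17 and pipe connection is Event ID 18, both written to the Microsoft-Windows-Sysmon/Operational channel that a Splunk forwarder would collect. The `schemaversion` value is an assumption here and must match what the installed binary reports (`sysmon64 -? config`), and the excluded pipe name is a placeholder for whatever your own log review shows to be benign noise.

```xml
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- PipeEvent covers Event ID 17 (pipe created) and 18 (pipe connected).
           onmatch="exclude" means: log every pipe event except those matching
           a rule below. With no rules at all it would log every pipe event. -->
      <PipeEvent onmatch="exclude">
        <!-- Placeholder exclusion, not a recommendation: replace with pipe
             names you have confirmed are routine in your environment. -->
        <PipeName condition="begin with">\example-benign-pipe</PipeName>
      </PipeEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Install it with `sysmon64 -accepteula -i sysmon-config.xml`, or apply it to an existing install with `sysmon64 -c sysmon-config.xml`. Start with no exclusions, let it run long enough to see what is routinely created by legitimate software, and then add exclusions one at a time; an exclusion that is too broad (for example, a `begin with` match on a short prefix) silently drops the attacker-created pipes that were the reason for enabling the event in the first place.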