Match to Windows Defender ATP logs as well as Sysmon
Opened this issue · 2 comments
ssi0202 commented
Don't you guys talk to each other at MS security dev/teams/products, or am I missing something here?
;-) Awesome work!!! Really appreciated!
olafhartong commented
Great point, thanks. Yes, we plan to, but we started with one source, being one we're quite well versed in :)
Defender is on the list for sure!
ssi0202 commented
Hey Olaf, I honestly thought this was an MS-run GitHub repo, hence the ask for MDATP. Cool stuff, I can see why you chose Sysmon based on your previous work, and Sysmon is free too!