netevert/sentinel-attack

match to windows defender ATP logs as well as sysmon

Opened this issue · 2 comments

don't you guys talk to each other at MS security dev/teams/products or am I missing something here?

;-) awesome work!!! really appreciated!

great point, thanks. yes we plan to but we started with one source, being one we're quite well versed in :)
Defender is on the list for sure!

hey olaf, i honestly thought this was a MS run github repo, hence the ask for MDATP. cool stuff, i can see why you chose sysmon based on your previous work, and sysmon is free too!