Title:
Threats detection and analysis based on SYSMON tool

custom.quartile: Scopus (Q4)
dc.contributor.author: Nataliia Bahniuk
dc.contributor.author: Oleksandr Linchuk
dc.contributor.author: Kateryna Bortnyk
dc.contributor.author: Inna Kondius
dc.contributor.author: Kateryna Melnyk
dc.contributor.author: Kostiantyn Kondius
dc.date.accessioned: 2026-06-09T12:36:42Z
dc.date.issued: 2023
dc.description.abstract: In this work, an analysis for the study of threats in a real environment with the possibility of conducting a full-fledged analysis of threats, as well as their simulation, has been developed for research purposes. The designed laboratory was built for threat research, specification of deploying and configuring Sysmon, imitation of an attack in laboratory conditions and its investigation by implicit signs, and the processing of threat analysis using the Sysmon tool. We present a system based on the analysis of continuous input channels of Sysmon logs. The system is based on the Cyber Threat Analysis Ontology and analyzes SYSMON logs to classify software according to different threat levels and enhance cyber defense capabilities with situational awareness, prediction and automated actions. The developed laboratory improves the effectiveness of threat analysis using the Sysmon tool and supports the study of threats, deploying and configuring Sysmon, imitation of an attack in laboratory conditions and its investigation by implicit signs. It can be applied for the study of threats in a real environment with the possibility of conducting a full-fledged analysis of threats, as well as their simulation for research purposes.
dc.identifier.citation: N. Bahniuk, O. Linchuk, K. Bortnyk, I. Kondius, K. Melnyk and K. Kondius, "Threats Detection and Analysis Based on SYSMON Tool," 2023 13th International Conference on Dependable Systems, Services and Technologies (DESSERT), Athens, Greece, 2023, pp. 1-7
dc.identifier.doi: 10.1109/DESSERT61349.2023.10416443
dc.identifier.uri: https://repository.lntu.edu.ua/handle/123456789/3643
dc.language.iso: en
dc.subject: SYSMON tool
dc.subject: Threats Detection
dc.subject: Cyberattacks
dc.title: Threats detection and analysis based on SYSMON tool
dc.type: Article
dspace.entity.type: ScientificArticle

Files

File bundle

Name:
Threats Detection and Analysis Based on SYSMON Tool.pdf
Size:
288.13 KB
Format:
Adobe Portable Document Format

License agreement

Name:
license.txt
Size:
1.59 KB
Format:
Item-specific license agreed to upon submission
Description: