This is a 47 minute tutorial of hunting for APT 29 using Windows Sysmon logs stored in an Elasticsearch cluster.


Apparently, I think everything is "interesting."



Check out Valentina Palacin's book on threat hunting:
https://www.amazon.com/Practical-Thre...