Advanced configuration for Graylog w/Sysmon
I'll be adding more documentation to this as time permits ;)
Ransomware Detection from: https://fsrm.experiant.ca/
sysmon cleanup (gl2_source_fix)
sysmon cleanup
sysmon threatintel
detect ransomware
threat indicators
network threat indicators
add file_created field
sysmon threatintel inflate
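As an added illustration, not a rule shipped with this configuration, this is what a Graylog pipeline rule behind a name like "add file_created field" can look like: it keys on Sysmon Event ID 11 (FileCreate) and copies the created path into a dedicated field that the ransomware and threat-indicator rules can match on. The field names EventID and TargetFilename are assumed to have been flattened into the message by the collector.

```graylog
rule "add file_created field"
when
    // Sysmon Event ID 11 is FileCreate. EventID and TargetFilename are
    // assumed collector field names; adjust to your shipper's naming.
    has_field("EventID") && has_field("TargetFilename") &&
    to_long($message.EventID) == 11
then
    // One normalised field for created paths, so extension-based ransomware
    // rules and dashboards match on file_created instead of raw TargetFilename
    set_field("file_created", to_string($message.TargetFilename));
end
```

The rule only fires when both fields exist, so messages from other Sysmon event types pass through untouched.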
Set Message Processor Configuration to the following order:
Message Filter Chain
Pipeline
GeoIP Resolver