Too Long; Didn't Read
Tools like Sysmon and Osquery are useful in detecting anomalous behavior on endpoints. These tools give us good visibility of what’s happening on endpoints by logging multiple types of events, which we can forward to a SIEM or other correlation system for analysis.