This diagram illustrates the correlation between Sysmon Event IDs, their corresponding detection capabilities in terms of MITRE ATT&CK techniques, and the types of attacks they can detect.
Sysmon Event IDs, Detection Capabilities, and Attack Types