Using Sysmon to Block Unwanted Files and Send Notifications to Slack via Scheduled Task Event Filter

00:00 - Intro
01:10 - Installing Sysmon and the configuration from Neo23x0's Repo
02:00 - Explaining the file blocked section
04:00 - Viewing the Sysmon log to confirm it is installed and see its EventID 27
05:10 - Creating a Scheduled Task with Event Filter to trigger on Sysmon File Blocked Events
07:30 - Event did fire; it turns out the filter is case sensitive
08:50 - Editing the Scheduled Task event by hand to add ValueQueries, which allows arguments to be passed from this Event Filter
11:30 - Testing the passing of variables by adding them to the message box
12:50 - Start of creating some PowerShell to send this message to Slack
16:30 - Having trouble getting arguments into the PowerShell script because of Base64 encoding; changing up our script
23:10 - Showing a working copy of the PowerShell script that sends Slack messages
25:45 - Deploying our scheduled task through Group Policy
28:50 - Editing the scheduled task XML file from sysvol
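The pieces the chapters above walk through, as an added example that is not the video's own script: a scheduled task whose event trigger subscribes to Sysmon Event ID 27 (FileBlockExecutable), uses ValueQueries to pull fields out of the event, and passes them as plain `-File` arguments to a PowerShell script that posts to a Slack incoming webhook (avoiding the Base64 `-EncodedCommand` route). The webhook URL, script path and task name are placeholders; Sysmon 14+ with a FileBlockExecutable rule in the config is assumed.

```powershell
# --- File 1: Notify-Slack.ps1 (assumed path C:\Scripts\Notify-Slack.ps1) ---
# Task Scheduler fills these parameters from the ValueQueries defined below.
# Named -File parameters arrive as ordinary strings, so no Base64 encoding is needed.
param(
    [string]$User,
    [string]$Image,
    [string]$TargetFilename,
    [string]$Hashes
)
$Webhook = 'https://hooks.slack.com/services/REPLACE/WITH/WEBHOOK'   # placeholder
$Text = "Sysmon blocked an executable write on $env:COMPUTERNAME`n" +
        "User: $User`nWriter: $Image`nFile: $TargetFilename`nHashes: $Hashes"
$Body = @{ text = $Text } | ConvertTo-Json
Invoke-RestMethod -Uri $Webhook -Method Post -ContentType 'application/json' -Body $Body

# --- File 2: Register-BlockNotifyTask.ps1 (run once, elevated) ---
# Same XPath an Event Viewer custom filter produces. Channel, provider and
# Data[@Name] values are case sensitive, which is the pitfall noted at 07:30.
$Query = "<QueryList><Query Id='0' Path='Microsoft-Windows-Sysmon/Operational'>" +
         "<Select Path='Microsoft-Windows-Sysmon/Operational'>" +
         "*[System[Provider[@Name='Microsoft-Windows-Sysmon'] and EventID=27]]" +
         "</Select></Query></QueryList>"
# Single-quoted here-string so PowerShell leaves the $(Name) tokens for Task Scheduler.
$Xml = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>__QUERY__</Subscription>
      <ValueQueries>
        <Value name="User">Event/EventData/Data[@Name='User']</Value>
        <Value name="Image">Event/EventData/Data[@Name='Image']</Value>
        <Value name="TargetFilename">Event/EventData/Data[@Name='TargetFilename']</Value>
        <Value name="Hashes">Event/EventData/Data[@Name='Hashes']</Value>
      </ValueQueries>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel></Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-NoProfile -ExecutionPolicy Bypass -File "C:\Scripts\Notify-Slack.ps1" -User "$(User)" -Image "$(Image)" -TargetFilename "$(TargetFilename)" -Hashes "$(Hashes)"</Arguments>
    </Exec>
  </Actions>
</Task>
'@
# The subscription is XML inside XML, so escape it before substituting it in.
$Xml = $Xml.Replace('__QUERY__', [System.Security.SecurityElement]::Escape($Query))
Register-ScheduledTask -TaskName 'Sysmon-FileBlock-Slack' -Xml $Xml -Force
```

The same task XML, with the `__QUERY__` token already substituted, is what you would drop into the GPO's scheduled-task definition in SYSVOL as the final two chapters describe.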