Differences between Microsoft Defender ATP and Sysmon?

  • Question

  • We will be wading into the EDR waters and I have experience with Sysmon, but I was wondering what the differences are, if any, between Microsoft Defender ATP and Sysmon.

    Will I not get as much granularity from the Defender ATP logs as I would from Sysmon logs?


    Friday, August 23, 2019 3:29 PM

All replies

  • ATP provides you with comprehensive and usable reports related to cybersecurity issues, and you can easily understand them. You will have to try it out to see whether it meets your requirements.
    Thursday, September 5, 2019 4:31 PM