1. Introduction
2. Today's topic
3. Why am I here
4. Disclaimer
5. Attack
6. Support
7. Data Source Reference
8. History of Statements
9. New Features
10. Directory Structure
11. Name Annotation
12. Data Voyager
13. Investigative Workflow
14. Challenges
15. App Structure
16. Reporting
17. Filtering
18. Network Connections
19. Roadmap
Description:
Explore advanced endpoint detection techniques using Sysmon in this 26-minute conference talk from Derbycon 2019. Gain insights into cost-effective methods for enhancing your cybersecurity capabilities as Olaf Hartong delves into topics such as attack support, data source references, and the evolution of Sysmon features. Learn about directory structures, name annotation, and data voyager tools to improve your investigative workflow. Discover how to overcome challenges in app structure, reporting, and filtering, while also understanding network connections. Conclude with a roadmap for future developments in endpoint detection and response.

Endpoint Detection Super Powers on the Cheap with Sysmon
