@markrussinovich @SwiftOnSecurity Our new #Sysmon Registry dashboard allows you to drill into registry events like registry_value_set and registry_create_delete:
If you want the quickest and easiest way to try out #SecurityOnion, just follow the screenshots below to install an Import node and then optionally enable the Analyst Workstation. This can be done in a minimal VM with only 4GB RAM!