Edoardo Gerosa
Hi @lafriks and thanks for opening this issue. You do have a point and I'll look into it. At the moment DELATOR only mines certificate [common names](https://github.com/netevert/delator/blob/master/delator.go#L231). I need to...
Hi @MathiasVandePol, you are most right. I'll add your recommendation as part of the issues to be addressed in the next versions.
In the current sysmonconfig.xml we only have exclusion rules for Sysmon EventID 22 defined at the moment; there is definitely scope to insert inclusion rules mapped to MITRE ATT&CK. Looping...