importing pcap to Sysmon viewer

[iD4rksid3]

I run sysmonBox and then opened sysmon viewer > imported pcap but I can't find any additional data e.g the pcap related to a dns query, or am I missing something, how does it work?

[nshalabi]

Thank you for your feedback.

I am currently reviewing it, SysmonBox definitely needs more testing and enhancements, there are threading issues reported too when attempting to dump the Sysmon events logs, so a correlation might not happen between captured packets and Sysmon events logs.