sysmon-config
Sysmon configuration file template with default high-quality event tracing
Event ID 10 is not being logged and I am unable to get any logs related to Event ID 10 in Windows.
This line inside the sysmon-config piqued my interest, but when I open the link I get to a Bing homepage. ` NOTE: To collect Sysmon logs centrally for free, see...
The following message is prepended to the top of every Sysmon event for every Event ID: `The description for Event ID # from source Microsoft-Windows-Sysmon cannot be found. Either the...
Hello, I am beginning to use Microsoft Sentinel and I want to use your sysmon config. But I am missing a Microsoft Sentinel Workbook for this sysmon config. Is it planned? Or can you recommend...
Is there any good config out there for Sysmon on Linux?
I added some file extensions; these are used for infection and exploitation.
Hi, on a fresh install following the Sysmon documentation regarding install, I receive a number of parser errors. These errors also pop up after installation when changing the configuration with the -c...
Going over the config, I found a tiny error... 142
Line 335: 444 **Issue:** I noticed that the line above indicates '444' as the default Metasploit destination port, but I think the default listener is actually '4444'. Let me know...
Hello there, I want to get logs like New-*, Get-*, Invoke-*, ..... etc. I can't find it in the Sysmon configuration; can you please advise?