sysmon-config
Added WinRM ports and Service names
Thanks for all the hard work, this is awesome. I added the WinRM ports 5985 and 5986 for Event ID 3, and I believe I corrected the Metasploit port. The default port in Metasploit is 4444. It is possible I am not aware of 444, so I figured I would add this just in case it was a typo. I also added some services I believe help better cover what is already there, with the 64-bit versions of psexec and netcat and the available C file that can be compiled with netcat.c. I also added an entry for the Sysinternals Suite procdump 32- and 64-bit versions to log possible password dumps from memory.