sysmon-config

sysmon-config copied to clipboard

Crash: Sysmon v13.00 + sysmonconfig-export.xml

5

When running the latest version of sysmon in conjunction with the config file, the program crashes (e.g. "Sysmon.exe -accepteula -i sysmonconfig-export.xml"). However, when installing it without the config file, it...

BeanBagKing

MiniNT registry key check

2

added a MiniNT regkey check, as it can be used to disable security event logging

ThisIsNotTheUserYouAreLookingFor

Modification: Under group add: 0x1010 That will catch when tools like mimikatz trigger a credential dump. 

deftoner

update configuration

1

Hi @all, is it planned to extend the configuration with event id 23?

Achi79

Sysmon installation issue

1

Hi, Need help with installing Sysmon on Windows 10 and Windows Server 2012 R2. I am getting the following error after running the command: **_sysmon64.exe -i_** **ERROR** wevtutil.exe returned failure...

MarkAndreson

This config used with Sysmon 11.0 can cause bad network file open/save delays on Windows file servers.

4

A bug in Sysmon 11.0, which is supposedly fixed in a soon to be released 11.10 version of Sysmon, causes crippling delays during network file open and save events when...

branchnetconsulting

Dunno if you already decided this before, but can you add to the configuration of the event 15 the exe and dll files? I was trying to test manually this...

joydragon

File updated - Sysmon Event ID

1

For custom rules as file overwrite / create which Event ID should we use to logs changes? Event ID 11 or 2? For example I need log file when changed...

kont45

In the Process Creation section, MS Edge is now out of Dev so the file path could be changed. Or a new path added?

neildotwilliams

EventID 15: FileCreateStreamHash recording N times in eventviewer

3

After enabling the FileCreateStreamHash event in sysmon, I am downloading one file from the browser, but in the event viewer, it is showing N(sometimes 3,4) entries of the same file...

Yuvraj-Takey