Look at latest Sysmon release

Open llwaterhouse opened this issue 1 year ago • 4 comments

What side effects will there be? Will the uninstall Sysmon script be useful when updating Sysmon?

llwaterhouse • Nov 20 '23 20:11

The uninstall script will work with the latest Sysmon version.

dkorzhevin • Nov 23 '23 15:11

Should we choose a version of Sysmon for our users? What problems could occur if we don't know which version of Sysmon they're using?

llwaterhouse • Jan 17 '24 16:01

We also need to add in a todo to update the installers to allow for a Sysmon version. I am just grabbing the one from the README.

cbaxley • Jan 17 '24 23:01

I believe the link in the README always points to the latest version of Sysmon. So we don't know what version of Sysmon they are using. Do we tell them how to update their version of Sysmon? I only see instructions when they're going from 0.5 to 1.0, not later on.

Does it matter if different clients are using different versions of Sysmon? Or sysmon.xml?

What are the implications of using a different sysmon.xml file? Could the user change the sysmon.xml file down the road if they want to use the more robust version?

llwaterhouse • Jan 18 '24 23:01