
Does it require Sysmon...?

Open · Logeshrathinakumar opened this issue 1 year ago · 1 comment

Hello Team,

Just want to know whether hunting with this app requires Sysmon logs, or whether it can work directly on Windows logs?

Thanks in Advance...

Logeshrathinakumar, Mar 21 '23 10:03

Take a look at the .\default\savedsearches.conf file to start to gain an understanding for yourself. A quick review on my instances shows 151 scheduled searches with 142 of those referencing sysmon output. 82 of the 151 searches reference output from either sysmon or wineventlog. I haven't taken a close look at whether whitelist management dashboards support anything but sysmon effectively.

dstaulcu, Mar 21 '23 11:03
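A script in the spirit of the review above, added here and not part of the ThreatHunting app: it parses a savedsearches.conf, keeps only scheduled stanzas, and counts how many of them reference sysmon or wineventlog data. The conf text is a constructed sample, not the app's own file, and the stanza and field names in it are illustrative.

```python
import re

# Constructed sample in savedsearches.conf syntax (not copied from the app).
SAMPLE_CONF = r"""
[Sysmon - Process Created]
enableSched = 1
search = index=sysmon sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" \
    EventCode=1 | table host, Image, CommandLine
[WinEventLog - Logon Success]
enableSched = 1
search = index=wineventlog sourcetype=WinEventLog:Security EventCode=4624 | stats count by user
[Either - Suspicious Process]
enableSched = 1
search = (index=sysmon EventCode=1) OR (index=wineventlog EventCode=4688) | stats count by host
[Not Scheduled - Whitelist Helper]
enableSched = 0
search = index=threathunting sourcetype=whitelist | table *"""

def parse_conf(text):
    """Parse Splunk .conf syntax: [stanza], key = value, backslash continuations."""
    stanzas, current = {}, None
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():  # fold continued lines
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def data_sources(stanzas):
    """Map each scheduled search (enableSched = 1) to the sources it references.
    Word boundaries matter: the Sysmon sourcetype name contains 'WinEventLog'."""
    out = {}
    for name, kv in stanzas.items():
        if kv.get("enableSched", "0") == "1":
            search = kv.get("search", "").lower()
            out[name] = {src for src in ("sysmon", "wineventlog")
                         if re.search(rf"\b{src}\b", search)}
    return out

def summarize(text):
    """Counts like the review above: scheduled, sysmon, wineventlog, either, neither."""
    srcs = list(data_sources(parse_conf(text)).values())
    return {"scheduled": len(srcs), "either": sum(bool(v) for v in srcs),
            "neither": sum(not v for v in srcs),
            **{s: sum(s in v for v in srcs) for s in ("sysmon", "wineventlog")}}
```

Point `summarize` at the contents of your own `default/savedsearches.conf` (and `local/` overrides) to reproduce the kind of tally in the reply for your installation.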