SysmonCommunityGuide

SysmonCommunityGuide copied to clipboard

Added links to tools that can be used to convert the configuration binary blob stored in the registry back to XML

thejanit0r

Controls reverse DNS lookup by Default is True. To disable, you need to specify as false

giomke

Detect built-in cmd commands

5

How Can sysmon detect execution of built in cmd commands such as echo, mkdir, del etc.?

explorer125

process-events.md: Description of Process GUIDs is not right.

3

Looking at the Sysmon/Linux sources, GUIDs are constructed by concatenating the "machine id", the start time of the process (UNIX-style, seconds since 1970-1-1), and a "process start key" which is...

hillu

Does sysmon64 lock/remove files?

9

We've been having a very strange issue with a particular Azure Devops pipeline over the last few months. We have three build agents, and the pipeline would consistently fail on...

lesscodedotnet

I gathered some details on updates for the [changelog](../blob/master/chapters/sysmon-changelog.md), but as I wasn't able to gather feature details for each individual release, I'm not creating a pull request. Here are...

Und3rf10w

Example usage of is-any feature new to sysmon v11.0

1

In [Sysinternals Video Update for June 2020](https://www.youtube.com/watch?v=HCZlJDKUqn0) on Youtube, minute 4:45 describes a new feature of sysmon v11 providing new "is-all" filtering condition as ability to specify multiple conditions and...

dstaulcu