Author: CoreSenses
Subject: Bugs in Sysmon (event manifest)
Posted: 19 August 2014 at 10:53am
Been playing around with Sysmon too. I can see this tool could fill in some gaps.
As for me, I didn't mind the very light amount of information on the General tab, as there is more information in the Details tab. I didn't have any problem with the manifest during installation of the service. It shows up as intended and survives reboots.
I agree if it could capture the activities within a batch script as well that would be great.
I managed to round up a few machines and loaded Sysmon on them and they all report to a Windows Event Collector. These logs are then collected by the SIEM with all the details.
The only caveat, though, in my case, is that you have to configure your Windows Event Collector to save the logs in 'Applications'. Then have the SIEM extract the logs from Application.
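A Windows Event Collector subscription that does what the post describes, forwarding the Sysmon channel from the source machines and writing the events into the collector's Application log so the SIEM can pull them from there. This is an added example, not configuration from the post; the subscription name, description and the domain-computers SDDL are assumed values you would replace with your own.

```xml
<!-- Added example: source-initiated WEC subscription, loaded with "wecutil cs <file>".
     Assumed values: SubscriptionId, Description, AllowedSourceDomainComputers SDDL. -->
<Subscription xmlns="http://schemas.microsoft.com/2004/08/Windows/Eventing/Subscription">
  <SubscriptionId>Sysmon-To-Application</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Collect Sysmon events from domain hosts into the Application log</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <!-- Pull every event from the Sysmon operational channel on the source hosts -->
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Microsoft-Windows-Sysmon/Operational">
          <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <!-- RenderedText keeps the message text so the SIEM sees the Details, not only the raw XML -->
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <!-- The point from the post: land the forwarded events in Application, not ForwardedEvents -->
  <LogFile>Application</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- Assumed SDDL: allow all domain computers to forward (tighten to a group in production) -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
```

Source hosts still need the collector address pushed to them (the SubscriptionManager policy) and the Network Service account granted read access to the Sysmon channel, or the subscription stays empty.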