Sysmon v15.0 & 29 Events #183

Open
Achi79 opened this issue Jun 30, 2023 · 2 comments

Achi79 commented Jun 30, 2023

This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.

There are now 29 events. Will this config be updated?

@harrisoncattell

I would also like to see this config update to include these new events. The default config that ships with Sysmon isn't nearly as powerful as this one.

jttrey3 commented Apr 2, 2024

The template has been very helpful, though guidance for the new event IDs would be appreciated.
