-
Josh, was just checking to see if you had a chance to write ELSA parsers for the rest of the Sysmon events, as you mentioned here?
https://groups.google.com/forum/#!searchin/security-onion/sysmon%7Cso…
-
When I use the V2.6 version of WindTerm to link to Ubuntu Server 22.…
-
@nywilken @create-atl-delete I've used the above user_data_file and successfully authenticated via SSH over SSM on Windows. However, my PowerShell scripts are not executing on the packer builder insta…
-
**What is the bug?**
A Sigma rule with a whitespace gets incorrectly translated to a search query with "_ws_" instead of a whitespace.
**How can one reproduce the bug?**
detection:
condition:…
-
https://stackoverflow.com/questions/78876980/threat-detection-with-sysmon-csv-log-using-sigma-rules
-
https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml
-
This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new…
-
**Describe the bug**
On several of our machines running Sysmon for Linux, we have noticed Sysmon for Linux occupying an ever-increasing amount of memory until the OOM killer steps in and terminates …
-
Parse_description does not parse the sysmon description::key, because the delimiter there is specified by /r/n.
Is it possible to add support for sysmon to parse_description?
-
I would like to request the addition of support for Fedora 40 in the Sysmon for Linux package. Currently, the available installation instructions only cover up to Fedora 38. As Fedora 40 is now availa…