-
### Description of the feature, modification, idea or suggestion
Add more details to System Informer's window title to support showing the Session \ Window Station \ Desktop, and perhaps some textu…
AltF5 updated
2 years ago
-
Example:
search_multiple:C:\Windows\explorer.exe`Integritylevel: system~Microsoft-Windows-Sysmon/Operational~1
show as ONLY "C:\Windows\explorer.exe" in debug function under "Search_Rule".
Possib…
-
I currently had to wipe Sysmon from our enterprise environment and wanted to purge/remove all the C:\Sysmon folders off the devices as this pertained to the FileDelete preservation.
However, the is…
-
https://github.com/SigmaHQ/sigma
https://github.com/SigmaHQ/pySigma
https://github.com/SigmaHQ/sigma-cli
Initially, R&D to find how to create automation to convert rules into a datalaiQ query
-
When I try to launch Adobe Reader, it ends up with an error. Why?
-
Hello,
I developed A.dll with OSB libs (using IGraphicsCaptureItemInterop::CreateForMonitor); A.dll used the default UAC level, like:
![image](https://github.com/microsoft/Windows.UI.Composition-Win32-Sample…
-
https://github.com/beave/sagan-rules/blob/6f87a80f7a1662e6fd90bc75f891c1c0637c6e7e/windows-sysmon.rules#L86
Seems to detect
1: Process Create: RuleName: UtcTime: 2019-01-08 03:18:51.728 Process…
-
### Executed MSDTC in elevated terminal RUNDLL
```json
{
"_index": "wazuh-archives-4.x-2022.07.14",
"_type": "_doc",
"_id": "NnDT-4EByFMBBPzyxS-s",
"_version": 1,
"_score": null,
"_sou…
```
-
Any:
Trying to understand config fully.
Under ProcessCreate onmatch='exclude' I expect all processes created on the system running Sysmon to be logged except what we specify in the stanza'…
-
# Bug report
### What operating system and version are you using?
Different Linux OS platforms and versions
ubuntu (22.04.3 LTS, 22.04.04 LTS, 20.04.4 LTS)
rhel (Red Hat Enterpris…