ION28 / BLUESPAWN

An Active Defense and EDR software to empower Blue Teams
GNU General Public License v3.0

Create mitigation to install Sysmon if not installed already #354

Open ION28 opened 4 years ago

ION28 commented 4 years ago

Need to draft a good default config too or decide to rely on another open source project like Olaf's awesome sysmon-modular.

Jack-McDowell commented 4 years ago

This may violate Sysinternals' licensing. See https://docs.microsoft.com/en-us/sysinternals/license-faq. Perhaps if we have BLUESPAWN download it from the official Sysinternals site only after the user agrees to it, it will be fine. We also have to require the user to accept the EULA for it.