Open besimorhino opened 2 years ago
sysmon-config is not well maintained now. sysmon-modular or the Neo23x0 fork (https://github.com/Neo23x0/sysmon-config) are preferable.
For Sysmon for Linux, the MSTIC team's one: https://github.com/microsoft/MSTIC-Sysmon/tree/main/linux/configs
Please be sure to add a few elements to the sysmon entry in the tools section. Please include info about how sysmon's configuration is managed by the XML file.
Also point out that the default sysmon config is NOT appropriate for logging (it's more for debug and troubleshooting). I'd like it if you included pointers/suggestions that folks use either the Swift on Security config (as a good getting-started set) https://github.com/SwiftOnSecurity/sysmon-config
or use sysmon-modular (total fine-grained control over everything) https://github.com/olafhartong/sysmon-modular
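As an added illustration of the point above (this is example code written for this page, not something from the issue, the SwiftOnSecurity config, or sysmon-modular), here is a minimal Sysmon XML configuration and the PowerShell commands that install and later update it. It assumes Sysmon64.exe from Sysinternals sits in the current directory and that the shell is elevated; `schemaversion="4.90"` is an assumption for a current Sysmon 15.x build, so check what your binary expects with `.\Sysmon64.exe -s` first. The specific exclusions and include rules are only there to show the two filter directions; a production config should come from one of the projects linked above.

```powershell
# Added example, not from the issue or the linked repos.
# Assumptions: Sysmon64.exe in the current directory, elevated shell,
# schemaversion 4.90 (verify with `.\Sysmon64.exe -s`).

$ConfigPath = Join-Path $env:ProgramData 'sysmon-config.xml'

# Everything Sysmon records beyond its bare defaults is driven by this file:
# which event types are captured, which hashes are computed, and the
# include/exclude filters that keep the volume manageable.
$Config = @'
<Sysmon schemaversion="4.90">
  <!-- Hash every image with SHA256, plus IMPHASH for clustering -->
  <HashAlgorithms>SHA256,IMPHASH</HashAlgorithms>

  <EventFiltering>
    <!-- Event ID 1: log all process creations EXCEPT the listed noisy ones.
         onmatch="exclude" means: record everything, drop what matches. -->
    <RuleGroup name="ProcessCreate noise" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
        <Image condition="is">C:\Windows\System32\conhost.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3: only record network connections from interpreters and
         LOLBins. onmatch="include" means: record nothing unless it matches. -->
    <RuleGroup name="Suspicious network" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">cmd.exe</Image>
        <Image condition="image">wscript.exe</Image>
        <Image condition="image">mshta.exe</Image>
      </NetworkConnect>
    </RuleGroup>

    <!-- Event ID 11: files dropped into a user's Startup folder -->
    <RuleGroup name="Startup persistence" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
      </FileCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@

Set-Content -Path $ConfigPath -Value $Config -Encoding UTF8

# Print the schema version this Sysmon build expects; the XML above must match it.
.\Sysmon64.exe -s

if (-not (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue)) {
    # First install: -i with the config path. Running `-i` with no file gives
    # the bare default settings (no filtering, SHA1 only, no network or
    # image-load events), which is what the issue warns against relying on.
    .\Sysmon64.exe -accepteula -i $ConfigPath
} else {
    # Already installed: push the new config without reinstalling the driver.
    .\Sysmon64.exe -c $ConfigPath
}

# Dump the configuration Sysmon is actually running with, to verify it applied.
.\Sysmon64.exe -c

# Filtered events land in this channel; show the most recent few.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, @{n='Summary'; e={ $_.Message.Split("`n")[0] }}
```

On Sysmon for Linux the same XML model applies (`sudo sysmon -accepteula -i config.xml` to install, `-c` to update), but the schema version that build reports will differ from the Windows one, so use the MSTIC configs linked above rather than a Windows file verbatim.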