Closed: dougburks closed 5 years ago
Newer versions of OSSEC may already include Sysmon decoders: https://github.com/ossec/ossec-hids/releases
Wazuh already includes Sysmon decoders, so this will happen automatically as part of #708.
Submitted for testing: https://groups.google.com/d/topic/security-onion-testing/kfn9Yb3n0xw/discussion
https://github.com/defensivedepth/Sysmon_OSSEC