SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Added WinRM ports and Service names #145

Open tobor88 opened 3 years ago

tobor88 commented 3 years ago

Thanks for all the hard work, this is awesome. I added the WinRM ports 5985, 5986 for Event ID 3 and I believe I corrected the Metasploit port. The default port in Metasploit is 4444. It is possible I am not aware of 444, so I figured I would add this just in case it was a typo. I also added some services I believe help better cover what is already there with the 64-bit versions of psexec and netcat and the available C file that can be compiled with netcat.c. I also added an entry for the Sysinternals Suite procdump 32- and 64-bit versions to log possible password dumps from memory.