SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Sysmon v15.0 & 29 Events #183

Open Achi79 opened 1 year ago

Achi79 commented 1 year ago

This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.

There are now 29 events. Will this config be updated?
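For readers who want to start covering the new event before the template catches up, the fragment below is an added example, not part of the SwiftOnSecurity config or the Sysmon documentation. It shows an `EventFiltering` rule group for Event ID 29 (`FileExecutableDetected`) that records newly written PE files only when they land in user-writable locations, which is where a defender most wants visibility. The schema version and the path list are assumptions chosen for illustration; the `FileExecutableDetected` rule name and the `TargetFilename` and `Image` fields follow the event's own field names.

```xml
<!-- Added example for Sysmon v15.0 Event ID 29, FileExecutableDetected.
     Not from the SwiftOnSecurity template; schemaversion and paths are assumptions. -->
<Sysmon schemaversion="4.90">
  <EventFiltering>
    <!-- One group: any matching rule causes the event to be logged (groupRelation="or"). -->
    <RuleGroup name="" groupRelation="or">
      <FileExecutableDetected onmatch="include">
        <!-- New executables written under user profile paths: typical drop locations
             for downloaded or staged binaries, rarely touched by system installers. -->
        <TargetFilename name="New PE in Downloads"      condition="contains">\Downloads\</TargetFilename>
        <TargetFilename name="New PE in AppData"        condition="contains">\AppData\</TargetFilename>
        <TargetFilename name="New PE in Temp"           condition="contains">\Temp\</TargetFilename>
        <TargetFilename name="New PE in Public profile" condition="begin with">C:\Users\Public\</TargetFilename>
        <!-- New executables written outside Program Files / Windows by common
             document and script hosts, regardless of destination path. -->
        <Image name="PE written by Office app"     condition="image">winword.exe</Image>
        <Image name="PE written by Office app"     condition="image">excel.exe</Image>
        <Image name="PE written by script host"    condition="image">wscript.exe</Image>
        <Image name="PE written by script host"    condition="image">cscript.exe</Image>
        <Image name="PE written by PowerShell"     condition="image">powershell.exe</Image>
      </FileExecutableDetected>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Because this is an `include` filter, anything not matched is dropped at the sensor, which keeps volume low while the new event is being tuned. Each rule's `name` attribute surfaces in the event's `RuleName` field, so a SIEM query can group alerts by the reason they fired. Before merging a fragment like this into a full config, load it with `sysmon -c` on a test host and confirm that Event ID 29 appears in the `Microsoft-Windows-Sysmon/Operational` log with the expected `TargetFilename` and `Hashes` values.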

harrisoncattell commented 1 year ago

I would also like to see this config update to include these new events. The default config that ships with sysmon isn't nearly as powerful as this one.

jttrey3 commented 4 months ago

The template has been very helpful, though guidance for the new event IDs would be appreciated.