SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Can you help show me the code for how to use Sysmon event IDs 23, 26? #189

Open sokvathana opened 6 months ago

sokvathana commented 6 months ago

Dear Sir/Madam, can you help show me the XML code to create Sysmon event IDs 23 and 26 to track files deleted on Windows Server, in a way that detects local users and domain users?

Thanks and regards.

Copperfie1d commented 6 months ago

Hi, you can find it in this repository: https://github.com/olafhartong/sysmon-modular
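
A minimal configuration covering the two event IDs asked about in this thread, as an added example that is not taken from sysmon-config or sysmon-modular. The share paths, the archive directory name and the `schemaversion` value are assumptions to adapt; both events record a `User` field (`DOMAIN\name` or `COMPUTER\name`), which is what separates domain accounts from local ones in the logged data.

```xml
<!-- Added example; paths, archive directory and schemaversion are placeholders/assumptions -->
<Sysmon schemaversion="4.60">
  <!-- Event ID 23 moves a copy of every matching deleted file into this
       directory at the volume root, so plan disk space and access control -->
  <ArchiveDirectory>SysmonArchive</ArchiveDirectory>
  <EventFiltering>
    <!-- Event ID 23 (FileDelete): log the deletion AND archive the file -->
    <RuleGroup name="FileDelete with archive" groupRelation="or">
      <FileDelete onmatch="include">
        <!-- Hypothetical high-value share where a recoverable copy is wanted -->
        <TargetFilename condition="begin with">D:\Shares\Finance\</TargetFilename>
      </FileDelete>
    </RuleGroup>
    <!-- Event ID 26 (FileDeleteDetected): log the deletion only, no copy kept -->
    <RuleGroup name="FileDelete log only" groupRelation="or">
      <FileDeleteDetected onmatch="include">
        <!-- Hypothetical root of all shares on the file server -->
        <TargetFilename condition="begin with">D:\Shares\</TargetFilename>
      </FileDeleteDetected>
      <FileDeleteDetected onmatch="exclude">
        <!-- Already covered by event ID 23 above; avoids duplicate events -->
        <TargetFilename condition="begin with">D:\Shares\Finance\</TargetFilename>
      </FileDeleteDetected>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Run `sysmon -s` to see the schema version the installed binary supports, then load the file with `sysmon -c <file>.xml`.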