SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
Removed duplicate, added new network rules #20
Closed
Neo23x0 closed 7 years ago
Neo23x0 commented 7 years ago
Removed my duplicate entry 'powershell.exe'
Added new remote access tools network connection rules (to see where an attacker came from and where he jumps to)
Added often exploited services with dedicated service executable network connection rules
Neo23x0 commented 7 years ago
Resolved the conflict - ready to merge