SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
4.68k stars, 1.69k forks
issues
Update NetworkConnect rule to fix Metasploit default port
#143
brokenvhs
opened
3 years ago
0
Wrong Port for Metasploit in NetworkConnect Rule
#142
brokenvhs
opened
3 years ago
1
DNS Query - Exclude hostname resolution on localhost - EventID 22
#141
ivicaagatunovic
closed
3 years ago
1
Ransomware artifacts added to File Creation config
#140
sduff
opened
3 years ago
2
SANS Commandline browser
#139
ChrisM65
opened
3 years ago
0
Duplicate entry
#138
ChrisM65
opened
3 years ago
0
pullFromSoS210121
#137
8u8
closed
3 years ago
0
Crash: Sysmon v13.00 + sysmonconfig-export.xml
#136
BeanBagKing
opened
3 years ago
5
Sysmon de-installed. Still many EventID 1001, APPCRASH Sysmon64.exe (every 20 sec)
#135
Wim277
opened
3 years ago
4
RE: sysmonconfig-export.xml
#134
zabboto
opened
3 years ago
1
Adding GrantedAccess filter for catching credential dump.
#133
deftoner
opened
3 years ago
0
update configuration
#132
Achi79
opened
3 years ago
1
Sysmon performance issues
#131
Cappucinoes
closed
3 years ago
3
MiniNT registry key check
#130
ThisIsNotTheUserYouAreLookingFor
opened
3 years ago
2
Sysmon installation issue
#129
MarkAndreson
opened
3 years ago
1
Update Q3 2020
#128
axi0m
closed
3 years ago
0
Configuring EventId 15 for exe and dll files
#127
joydragon
opened
3 years ago
0
File updated - Sysmon Event ID
#126
kont45
opened
4 years ago
1
ProxyEnable Setting in Registry
#125
Neo23x0
closed
3 years ago
0
join with new version
#124
y0d4a
closed
4 years ago
0
Edge is out of Dev
#123
neildotwilliams
opened
4 years ago
0
This config used with Sysmon 11.0 can cause bad network file open/save delays on Windows file servers.
#122
branchnetconsulting
opened
4 years ago
4
EventID 15: FileCreateStreamHash recording N times in eventviewer
#121
Yuvraj-Takey
opened
4 years ago
3
Added logging for Outbound SMB Traffic.
#120
d4rk-d4nph3
closed
3 years ago
1
Added Consent Store to included registry paths
#119
svch0stz
closed
3 years ago
0
Added detection for CVE-2017-0199 and CVE-2017-8759.
#118
d4rk-d4nph3
opened
4 years ago
2
No Sysmon Event ID 1 events are being logged
#117
lindonzoo
opened
4 years ago
3
Didn't install with -n parameters.
#116
slavaNBA
opened
4 years ago
4
Printer port changes as used in CVE-2020-1048
#115
Neo23x0
opened
4 years ago
0
Ok, installed and ran sysmon ... Now what?
#114
quantuumsnot
opened
4 years ago
2
Delete 'z-AlphaVersion.xml'-related text and link
#113
wikijm
closed
3 years ago
1
Broken link in README
#112
evandrix
opened
4 years ago
0
Wrong Metasploit default port on sysmon-config > Alert,Metasploit
#111
snake-jump
opened
4 years ago
1
Missing dot could allow inadvertent whitelisting
#110
Demuxx
opened
4 years ago
0
Remove dead link to Alpha version with DNS logging
#109
jjrbg
closed
4 years ago
1
Update sysmonconfig-export.xml
#108
harmonkc
opened
4 years ago
0
Changed the bypassable DNS hostname checks
#107
MaxNad
opened
4 years ago
0
Added most of the missing LOLBAS for downloading executables
#106
MaxNad
closed
2 years ago
1
Change Metasploit Alert port from 444 to 4444
#105
ION28
closed
2 years ago
3
Add exclusion for Azure MMA agent | Add exclusion for IPAM GP PS script | Add exclusion for MonitorKnowledgeDiscovery
#104
adrwh
opened
4 years ago
0
can't exclude event with sysmon v10.42
#103
soukoye
opened
4 years ago
4
Fixed wdigest registry path
#102
qz8xTD
closed
2 years ago
1
Include Imphash
#101
Neo23x0
closed
4 years ago
4
unnecessary shout out to Alpha version for DNS logging
#100
itpropaul
closed
2 years ago
1
templating for easier maintaining
#99
brettowe
opened
4 years ago
2
Add scripting filename targets
#98
bartblaze
closed
2 years ago
1
Included some of the entries from PR to sysmonconfig-export.xml
#97
cudeso
closed
2 years ago
1
Possible Typo - Line 509
#96
mc22catch
closed
4 years ago
1
IMAP port typo error
#95
zulik
opened
4 years ago
1
The description for Event ID 1 from source Microsoft-Windows-Sysmon cannot be found
#94
rdf6
opened
4 years ago
2