Open Niklas-PDA opened 3 months ago
Describe the bug We are not able to get ConfigurationFileHash in EventID 16 when changing configuration, only registering as "-"
./test.xml -
To Reproduce Change configuration and look at EventID 16
Sysmon version 1.3.3 and 1.3.2
Distro/kernel version Red Hat Enterprise Linux 8.9 (Ootpa), Ubuntu 20.04.6 LTS
Sysmon configuration No configuration available for EventID 16
Logs Jun 25 14:19:02 testhost sysmon[1455]: 16 3 4 16 0 0x8000000000000000 88687 Linux-Sysmon/Operational testhost.domain.local 2024-06-25 12:19:02.807 ./test.xml -
Expected behavior Showing example behaviour as seen in windows sysmon:
.\test.xml SHA256=4567546754675467KJHKJ3456LKJ453634KJLH345L6KJH345LK6JH345KJ6H34L
Additional context n/a