awslabs / kinesis-agent-windows

An extensible Windows agent that ingests logs and metrics to AWS services such as Kinesis Stream, Kinesis Firehose, CloudWatch Logs and CloudWatch.
Apache License 2.0

Windows Sysmon Source Declarations #10

Closed ghost closed 4 years ago

ghost commented 4 years ago

Is there currently a Windows Sysmon Source Declaration? Are there any plans to develop one?

The Sysmon collector allows for several endpoint related events to be streamed.

https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

Thank you in advance.

dhhoang commented 4 years ago

Hi @secdev-01, it looks like Sysmon generates events to Windows Event logs. Have you tried collecting the events from the "Applications and Services Logs/Microsoft/Windows/Sysmon/Operational" log?
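For reference, here is what the suggestion above looks like as a Kinesis Agent for Windows `appsettings.json` fragment. This is an added example, not configuration from the thread or from the project's docs. The Event Viewer folder path in the comment corresponds to the event log channel `Microsoft-Windows-Sysmon/Operational`, which is the `LogName` the agent's `WindowsEventLogSource` expects; the log group, log stream and region values are placeholders to be replaced with your own.

```json
{
  "Sources": [
    {
      "Id": "SysmonOperational",
      "SourceType": "WindowsEventLogSource",
      "LogName": "Microsoft-Windows-Sysmon/Operational"
    }
  ],
  "Sinks": [
    {
      "Id": "SysmonToCloudWatchLogs",
      "SinkType": "CloudWatchLogs",
      "LogGroup": "REPLACE-WITH-YOUR-LOG-GROUP",
      "LogStream": "REPLACE-WITH-YOUR-LOG-STREAM",
      "Region": "REPLACE-WITH-YOUR-REGION"
    }
  ],
  "Pipes": [
    {
      "Id": "SysmonPipe",
      "SourceRef": "SysmonOperational",
      "SinkRef": "SysmonToCloudWatchLogs"
    }
  ]
}
```

Before pointing the agent at the channel, confirm that Sysmon is installed and the channel exists on the host (in Event Viewer, or with `Get-WinEvent -ListLog Microsoft-Windows-Sysmon/Operational` in PowerShell); a source for a missing channel yields no events rather than an obvious error. Sysmon's own configuration file decides which process, network and file events are written to this channel, so the agent forwards exactly what Sysmon is configured to record.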

ghost commented 4 years ago

I'll give that a try, thanks.