Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser that simply works. It is close to full release; the latest build is at https://github.com/ceramicskate0/SWELF/releases/latest.
Sysmon records command-line arguments for each process creation, so we can use command-line length to detect fileless malware: fileless techniques tend to carry their payload in the arguments themselves (for example an encoded script passed to an interpreter), which makes the command line unusually long. We do this by counting the characters in the command-line arguments of both the parent and the target process and flagging values above a threshold.
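The following is an added example, not code from SWELF or its author, showing that length check run over Sysmon Event ID 1 (Process Create) messages. The two sample events, the 512-character threshold and the 900-character placeholder standing in for an encoded payload are constructed assumptions; tune the threshold per environment.

```python
"""
Added example (not part of SWELF): score Sysmon Event ID 1 (Process Create)
records by the character count of CommandLine and ParentCommandLine.
The threshold and the sample events are constructed assumptions.
"""
import re
from typing import Dict

# Sysmon renders Process Create events as "Key: value" lines in the message
# body; this matches one such line. Keys are single words (CommandLine etc.).
FIELD_RE = re.compile(r"^(\w+): (.*)$")

# Assumed threshold: interactive command lines rarely exceed a few hundred
# characters, while encoded loaders are usually far longer. Tune per host.
DEFAULT_THRESHOLD = 512


def parse_sysmon_message(message: str) -> Dict[str, str]:
    """Turn the rendered Sysmon message body into a field dict.

    Lines that do not look like "Key: value" (e.g. the "Process Create:"
    title line, whose key contains a space) are ignored.
    """
    fields: Dict[str, str] = {}
    for line in message.splitlines():
        m = FIELD_RE.match(line.rstrip("\r"))
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def arg_lengths(fields: Dict[str, str]) -> Dict[str, int]:
    """Character counts of the target and parent command lines (0 if absent)."""
    return {
        "CommandLine": len(fields.get("CommandLine", "")),
        "ParentCommandLine": len(fields.get("ParentCommandLine", "")),
    }


def score_event(message: str, threshold: int = DEFAULT_THRESHOLD) -> Dict[str, object]:
    """Flag an event when either command line exceeds the length threshold.

    Returns the lengths and the names of the fields that tripped, so the
    caller can see whether the length came from the child, the parent or both.
    """
    fields = parse_sysmon_message(message)
    lengths = arg_lengths(fields)
    hits = [name for name, n in lengths.items() if n > threshold]
    return {
        "Image": fields.get("Image", ""),
        "lengths": lengths,
        "hits": hits,
        "flagged": bool(hits),
    }


# Constructed sample messages (not real captures) in the layout Sysmon uses.
BENIGN_EVENT = "\n".join([
    "Process Create:",
    "RuleName: -",
    r"Image: C:\Windows\System32\notepad.exe",
    r'CommandLine: "C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt',
    r"ParentImage: C:\Windows\explorer.exe",
    r"ParentCommandLine: C:\Windows\Explorer.EXE",
])

# A 900-character placeholder stands in for a base64 -EncodedCommand payload.
ENCODED_BLOB = "A" * 900
SUSPICIOUS_EVENT = "\n".join([
    "Process Create:",
    "RuleName: -",
    r"Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "CommandLine: powershell.exe -NoP -W Hidden -Enc " + ENCODED_BLOB,
    r"ParentImage: C:\Windows\System32\cmd.exe",
    "ParentCommandLine: cmd.exe /c powershell.exe -NoP -W Hidden -Enc " + ENCODED_BLOB,
])

if __name__ == "__main__":
    for event in (BENIGN_EVENT, SUSPICIOUS_EVENT):
        print(score_event(event))
```

Reporting the lengths of both fields separately matters in practice: a long parent with a short child usually means the child was spawned by an already-running stager, while a long child with a short parent points at the launch itself. Length alone will also fire on legitimate long installer and build command lines, so pair it with the Image path and the parent/child relationship before alerting.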