Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): VirtualBox
Vagrant Version (if applicable): 2.3.2
Hello! I noticed that sysmon event 11, file creation, is not logging for files created under certain directories, such as the user profile on win10.windomain.local or wef.windomain.local. I looked through the sysmon config file located at C:\ProgramData\Sysmon on wef.windomain.local and didn't see any rules that would exclude this.
On Win10, running this command:
...I see the following sysmon log:
However, running the following:
![image](https://user-images.githubusercontent.com/63474467/200856592-73283555-1b3e-48a7-b552-d1488e642381.png)
I don't see the log in Splunk or the Event Viewer on Win10.
Any suggestions on what may be causing this?
Thanks, and love the project btw!