Closed Koifman closed 1 week ago
Thanks for opening the issue @Koifman
Just FYI, every time a service is installed, a 7045 EID will occur, as well as a 4697 if the policy is enabled. In some RMMs we were explicit in mentioning it, and in others not. I will get this fixed, but as a general rule one of them is enough.
It's like saying Sysmon EID 1 or Security 4688.
Thanks.
RMM Tool Name
AnyDesk
Type of Update
Forensic Artifact
Update Details
Hi team! Thank you so much for this project, it is already of great use to me and for everyone else I believe.
I wanted to bring to your attention: https://lolrmm.io/tools/anydesk#event-log-artifacts
In here, we see only the "service installed" log from the system log file, but it seems like the 4697 event ID from the security log file is not present. I have tested installing AnyDesk and it does indeed generate that event ID:
I hope I'm not wasting your time with this, and it is actually something that can be added. Thank you in advance, Daniel.
References
Image attached in the ticket
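The thread's point, that one service install can show up as both System 7045 and Security 4697, sketched as detection logic that merges the pair into a single finding. This is an added example, not part of the issue or the LOLRMM project; the event dictionaries, the 5-second pairing window, and the choice to pair on host plus binary path are assumptions, and all sample values are constructed.

```python
from datetime import datetime, timedelta

# Name/path fields per event: 7045 (System log) and 4697 (Security log,
# written only when the audit policy is enabled).
FIELDS = {7045: ("ServiceName", "ImagePath"),
          4697: ("ServiceName", "ServiceFileName")}
WINDOW = timedelta(seconds=5)  # assumed pairing window, not from the page

def normalize(ev):
    """Map either event onto (time, host, path, service, event_id)."""
    name_key, path_key = FIELDS[ev["EventID"]]
    return (datetime.fromisoformat(ev["TimeCreated"]), ev["Computer"].lower(),
            ev[path_key].lower(), ev[name_key], ev["EventID"])

def anydesk_installs(events, needle="anydesk"):
    """Return one finding per service install, merging 7045/4697 pairs."""
    findings = []
    rows = sorted(normalize(e) for e in events if e.get("EventID") in FIELDS)
    for ts, host, path, svc, eid in rows:
        if needle not in svc.lower() and needle not in path:
            continue
        for f in findings:
            # Assumption: both events carry the same binary path for one install.
            same = f["host"] == host and f["path"] == path
            if same and ts - f["last"] <= WINDOW and eid not in f["event_ids"]:
                f["event_ids"].add(eid)  # second record of the same install
                f["last"] = ts
                break
        else:
            findings.append({"host": host, "path": path, "service": svc,
                             "last": ts, "event_ids": {eid}})
    return findings

# Constructed sample events (hosts, times and paths are made up).
PATH = r'"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service'
SAMPLE = [
    {"EventID": 7045, "TimeCreated": "2024-05-01T10:00:00", "Computer": "HOST-A",
     "ServiceName": "AnyDesk Service", "ImagePath": PATH},
    {"EventID": 4697, "TimeCreated": "2024-05-01T10:00:01", "Computer": "HOST-A",
     "ServiceName": "AnyDesk", "ServiceFileName": PATH},
    {"EventID": 7045, "TimeCreated": "2024-05-01T11:30:00", "Computer": "HOST-B",
     "ServiceName": "AnyDesk Service", "ImagePath": PATH},  # audit policy off
    {"EventID": 7045, "TimeCreated": "2024-05-01T10:05:00", "Computer": "HOST-A",
     "ServiceName": "ExampleUpdater", "ImagePath": r"C:\Example\updater.exe"},
]
```

A finding whose `event_ids` holds only 7045 still counts as an install; it indicates the host is not writing 4697 to the Security log.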