olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.14k stars, 178 forks

Does it require Sysmon...? #112

Open Logeshrathinakumar opened 1 year ago

Logeshrathinakumar commented 1 year ago

Hello Team,

Just want to know whether hunting with this app requires Sysmon logs, or whether it can work directly on Windows event logs...?

Thanks in Advance...

dstaulcu commented 1 year ago

Take a look at the .\default\savedsearches.conf file to start to gain an understanding for yourself. A quick review on my instances shows 151 scheduled searches with 142 of those referencing sysmon output. 82 of the 151 searches reference output from either sysmon or wineventlog. I haven't taken a close look at whether whitelist management dashboards support anything but sysmon effectively.
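The count above was done by hand against `savedsearches.conf`. The script below is an added example, not part of the ThreatHunting app, that performs the same review for your own install: it parses Splunk's stanza format (a small hand-rolled parser, because Splunk allows backslash line continuations that Python's `configparser` does not) and classifies each enabled scheduled search by whether its SPL references Sysmon, the classic Windows event log, or neither. The embedded conf stanzas are constructed for the demo, and the match terms (`sysmon` and `wineventlog` as case-insensitive substrings) are a heuristic assumption, not how the app itself labels its data sources.

```python
"""Summarise which data sources a Splunk app's savedsearches.conf depends on.

Added example, not the ThreatHunting app's own code. Run with no arguments
to use the constructed sample below, or pass a path such as
<app>/default/savedsearches.conf to review a real install.
"""
import re
import sys
from typing import Dict, Optional, Set

# Constructed sample stanzas in Splunk savedsearches.conf format (assumption:
# the real app's SPL differs; only the file format is what matters here).
SAMPLE_CONF = """\
[T1003 - Credential Dumping - LSASS access]
search = `sysmon` EventCode=10 TargetImage="*lsass.exe" \\
    | stats count by Computer, SourceImage
cron_schedule = */10 * * * *
enableSched = 1

[T1078 - Valid Accounts - explicit logon]
search = sourcetype=WinEventLog:Security EventCode=4648 | stats count by user
enableSched = 1

[T1059 - Command-Line Interface - suspicious cmd]
search = `sysmon` EventCode=1 OR (sourcetype=WinEventLog:Security EventCode=4688)
enableSched = 1

[Whitelist management lookup]
search = | inputlookup whitelist.csv
enableSched = 0
"""

# Heuristic assumption: a search "uses" a source if its SPL mentions it.
SOURCES = {
    "sysmon": re.compile(r"sysmon", re.IGNORECASE),
    "wineventlog": re.compile(r"wineventlog", re.IGNORECASE),
}


def parse_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse Splunk .conf text into {stanza: {key: value}}.

    Handles [stanza] headers, key = value lines, '#' comments and
    trailing-backslash line continuations (joined with a space).
    """
    stanzas: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw
        pending = ""
        if line.endswith("\\"):          # continuation: glue the next line on
            pending = line[:-1] + " "
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped[1:-1]
            stanzas[current] = {}
        elif "=" in stripped and current is not None:
            key, value = stripped.split("=", 1)
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def classify_searches(stanzas: Dict[str, Dict[str, str]],
                      scheduled_only: bool = True) -> Dict[str, Set[str]]:
    """Map each saved search name to the set of data sources its SPL references."""
    result: Dict[str, Set[str]] = {}
    for name, attrs in stanzas.items():
        if "search" not in attrs:
            continue
        if scheduled_only and attrs.get("enableSched", "0") != "1":
            continue
        spl = attrs["search"]
        result[name] = {src for src, rx in SOURCES.items() if rx.search(spl)}
    return result


def summarize(classified: Dict[str, Set[str]]) -> Dict[str, int]:
    """Count searches per source, plus those that reference neither."""
    counts = {"total": len(classified), "neither": 0, **{s: 0 for s in SOURCES}}
    for sources in classified.values():
        for src in sources:
            counts[src] += 1
        if not sources:
            counts["neither"] += 1
    return counts


def main(path: Optional[str] = None) -> Dict[str, int]:
    text = open(path, encoding="utf-8").read() if path else SAMPLE_CONF
    classified = classify_searches(parse_conf(text))
    summary = summarize(classified)
    for name, sources in sorted(classified.items()):
        print(f"{name}: {', '.join(sorted(sources)) or 'no known source'}")
    print(summary)
    return summary


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Searches that land in the `neither` bucket are the ones worth reading by hand, since they may depend on macros or lookups whose underlying source the substring heuristic cannot see.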