ceramicskate0/sysmon-config

Issues

• I'd 12-14 include

  #97 opened 10 months ago by ceramicskate0
  0

• I'd 11 include

  #96 opened 10 months ago by ceramicskate0
  0

• id 13 12 exclude

  #95 opened 10 months ago by ceramicskate0
  0

• id 17 18 exclude

  #94 opened 10 months ago by ceramicskate0
  0

• id 11 exclude

  #93 opened 10 months ago by ceramicskate0
  0

• id 7 add

  #92 opened 10 months ago by ceramicskate0
  0

• The vulnerable driver blocklist after the October 2022 preview release

  #82 opened 10 months ago by ceramic-skate0
  3

• CLR Usage log

  #87 opened a year ago by ceramic-skate0
  1

• lsass dumper

  #84 opened 10 months ago by ceramicskate0
  0

• Event ID 7

  #85 opened 10 months ago by ceramic-skate0
  0

• DLL Load ID 7 for .net

  #86 opened 10 months ago by ceramic-skate0
  1

• id 5 exclude

  #89 opened 10 months ago
  0

• id 11 exclude

  #91 opened 10 months ago
  0

• id 12 exclude

  #90 opened a year ago
  0

• Look at adding rules from olafhartong-sysmonconfig.xml

  #88 opened a year ago by ceramic-skate0
  0

• add to wiki or readme

  #80 opened a year ago by ceramic-skate0
  0

• exclude id 11

  #74 opened a year ago by ceramic-skate0
  0

• id 3 exempt

  #75 opened a year ago by ceramic-skate0
  0

• id 11 exempt

  #76 opened a year ago by ceramic-skate0
  0

• exclude id 22

  #77 opened a year ago by ceramic-skate0
  0

• id 1 exempt

  #78 opened a year ago by ceramic-skate0
  0

• id7 add

  #79 opened a year ago by ceramic-skate0
  0

• add locations to monitor for writes and dll runs

  #81 opened a year ago by ceramic-skate0
  1

• File create event

  #83 opened a year ago by ceramic-skate0
  1

• CFG disable reg key

  #73 opened 2 years ago by ceramic-skate0
  0

• Exclude id1

  #60 opened 2 years ago by ceramicskate0
  0

• exclude id 22

  #61 opened 2 years ago by ceramicskate0
  0

• exclude id 5

  #62 opened 2 years ago by ceramicskate0
  0

• exclude id 5

  #63 opened 2 years ago by ceramicskate0
  0

• Exclude id 17 18

  #64 opened 2 years ago by ceramicskate0
  0

• Exclude id 1

  #65 opened 2 years ago by ceramicskate0
  0

• exclude id 5

  #66 opened 2 years ago by ceramicskate0
  0

• excluide id 11 2

  #67 opened 2 years ago by ceramicskate0
  0

• refine exclude dllhost id 1

  #68 opened 2 years ago by ceramicskate0
  0

• exclude id 22

  #69 opened 2 years ago by ceramicskate0
  0

• exclude id 2

  #70 opened 2 years ago by ceramicskate0
  0

• exclde id 13

  #71 opened 2 years ago by ceramicskate0
  0

• exclude id 11

  #72 opened 2 years ago by ceramicskate0
  0

• need to modify dll hijack's/sideloads

  #58 opened 2 years ago by ceramic-skate0
  1

• exclude event id 22

  #48 opened 2 years ago by ceramic-skate0
  0

• reg include event

  #49 opened 2 years ago by ceramicskate0
  0

• any file create evnt with .kirbi

  #50 opened 2 years ago by ceramic-skate0
  2

• dll sideload additions

  #51 opened 2 years ago by ceramic-skate0
  0

• dll sideload

  #52 opened 2 years ago by ceramicskate0
  0

• dll sideload

  #53 opened 2 years ago by ceramicskate0
  0

• dll sideload

  #54 opened 2 years ago by ceramicskate0
  1

• dll sideload

  #55 opened 2 years ago by ceramicskate0
  0

• add to pipes

  #56 opened 2 years ago by ceramicskate0
  1

• filecreate (MEM DUMP to disk)

  #57 opened 2 years ago by ceramicskate0
  0

• Exclude for id 12 and 13

  #59 opened 2 years ago by ceramic-skate0
  0