This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Please attribute to TrustedSec LLC.
Share — copy and redistribute the material in any medium or format.
Adapt — remix, transform, and build upon the material.
The authors encourage you to redistribute this content as widely as possible, but require that you give credit to the primary authors below, and that you notify us on GitHub of any improvements you make.
Microsoft Sysinternals Sysmon is an ever-changing piece of software that Microsoft provides free to its users. As such, it is constantly being updated and new features are added. Where configuration is concerned, this guide tries to stay as open as possible: each environment is unique, and recommendations are stated in terms of those constraints as much as possible. The guide is open source so that, as Sysmon evolves, the community can help expand and maintain it.
Please use the issues system or GitHub pull requests to make corrections, contributions, and other changes to the text - we welcome your contributions!
This guide was originally written and edited by Carlos Perez of TrustedSec LLC.
- MIT license
- Copyright 2020 © TrustedSec LLC.