Sysmon
Description
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across reboots to monitor system activity and log it to the Windows event log. It provides detailed information on process creations, network connections, and changes to file creation times.
Configuration
Warning
Target OS: Windows
No API token or ID is required. Sysmon sends its logs to the Logstash instance that is enabled by default in the topology.
How to enable
You only need to click the Add button to deploy Sysmon.
Usage
You need to activate a SIEM in order to view the Logstash logs.