Deploying Sysmon through Group Policy (GPO) Preferences

In my previous post I explained how to leverage Group Policy Preferences to deploy and update the Sysmon configuration in the enterprise. I decided to write a script to automate the entire process. What do you need in order to run this script? A baseline computer with the following: Sysmon installed and a Sysmon XML configuration…

Update: Sysmon configuration file version 8

This new version of config_v8.xml adds the latest event types from Sysmon: FileCreateStreamHash events, PipeEvent events and WmiEvent events. In addition, the XML was cleaned up and all event categories are now ordered by event number. Link to file: https://github.com/MotiBa/Sysmon/

Sysinternals Sysmon suspicious activity guide

The Sysmon tool from Sysinternals provides comprehensive monitoring of activity at the operating system level. Sysmon runs in the background continuously and writes events to the event log. You can find the Sysmon events under the Microsoft-Windows-Sysmon/Operational event log. This guide will help you investigate and appropriately handle these events…