TrustedSec Sysmon Community Guide
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License; please attribute it to TrustedSec LLC.
You are free to:
Share - copy and redistribute the material in any medium or format.
Adapt - remix, transform, and build upon the material.
The authors encourage you to redistribute this content as widely as possible, but require that you give credit to the primary authors below, and that you notify us on GitHub of any improvements you make.
Table of Contents
- Sysmon on Windows
- Sysmon on Linux
- Sysmon Events
- File Events
Current State:
Microsoft Sysinternals Sysmon is an ever-changing piece of software that Microsoft provides free of charge to its users. As such, it is constantly being updated and new features are added. With regard to configurations, this guide tries to be as open as possible, since each environment is unique; recommendations are based on those constraints as much as possible. The guide is made open source so that, as Sysmon evolves, the community can help expand and maintain it.
Contributing
Please use the issues system or GitHub pull requests to make corrections, contributions, and other changes to the text - we welcome your contributions!
Credits
This guide was originally written and edited by Carlos Perez of TrustedSec LLC.
- MIT license
- Copyright 2020 © TrustedSec LLC.