- 1009771 - Microsoft Windows Sysmon Events - 1
- 1009777 - Microsoft Windows Sysmon Events - 2
Detecting MITRE ATT&CK techniques using Sysmon
Configuring Sysmon for use with the Log Inspection rules
- Download Sysmon from https://download.sysinternals.com/files/Sysmon.zip and extract the contents to a temporary folder.
- Download the configuration file (DSSysmonConfig.zip) from here (SHA256: FE58611D855596141109EF835EF3FB8D06DCE283E430648A7374BA26415AFA4F) and extract the contents to the same folder as in Step 1.
- Open an elevated command prompt in the directory containing the files extracted in Steps 1 and 2 and run the following command: `sysmon.exe -accepteula -i DSSysmonConfig.xml`
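The three steps above as one PowerShell script, added here as an example and not part of the original article. It assumes Sysmon.zip and DSSysmonConfig.zip have already been downloaded into the folder named in `$WorkDir`, and it checks the configuration archive's SHA256 against the value given above before installing, so a tampered or corrupted download is never applied.

```powershell
# Added example: verify DSSysmonConfig.zip, extract both archives and install Sysmon with the
# Deep Security configuration. Run from an elevated PowerShell prompt.
# Assumption: Sysmon.zip and DSSysmonConfig.zip are already present in $WorkDir.
$WorkDir      = 'C:\Temp\Sysmon'   # assumed temporary folder
$ExpectedHash = 'FE58611D855596141109EF835EF3FB8D06DCE283E430648A7374BA26415AFA4F'  # value from the article

# Refuse to install a configuration archive whose hash does not match the published one.
# Get-FileHash returns uppercase hex; PowerShell's -ne is case-insensitive anyway.
$actual = (Get-FileHash -Path (Join-Path $WorkDir 'DSSysmonConfig.zip') -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) {
    throw "DSSysmonConfig.zip SHA256 mismatch: expected $ExpectedHash, got $actual"
}

Expand-Archive -Path (Join-Path $WorkDir 'Sysmon.zip')         -DestinationPath $WorkDir -Force
Expand-Archive -Path (Join-Path $WorkDir 'DSSysmonConfig.zip') -DestinationPath $WorkDir -Force

# Fresh install (-i) or, if Sysmon is already running, load the configuration only (-c).
# On 64-bit Windows the service created by sysmon.exe is named Sysmon64, so check both names.
Push-Location $WorkDir
try {
    if (Get-Service -Name Sysmon, Sysmon64 -ErrorAction SilentlyContinue) {
        & .\sysmon.exe -accepteula -c DSSysmonConfig.xml
    } else {
        & .\sysmon.exe -accepteula -i DSSysmonConfig.xml
    }
} finally {
    Pop-Location
}

# Confirm the service is running and that the event channel the Log Inspection rules read exists.
Get-Service -Name Sysmon, Sysmon64 -ErrorAction SilentlyContinue | Select-Object Name, Status
Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' | Select-Object LogName, IsEnabled, RecordCount
```

If the hash check fails, re-download DSSysmonConfig.zip rather than editing the expected value; the Log Inspection rules depend on the event set that this specific configuration enables.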
Configuring the Log Inspection Rules in Deep Security