- 1009771 - Microsoft Windows Sysmon Events - 1
- 1009777 - Microsoft Windows Sysmon Events - 2
Detecting MITRE ATT&CK techniques using Sysmon
Configuring Sysmon for use with the Log Inspection rules
- Download Sysmon from https://download.sysinternals.com/files/Sysmon.zip and extract the contents to a temporary folder.
- Download the configuration file (DSSysmonConfig.zip) from here (SHA256: 2974c7a6403e395e4acd3b1b6103e41f0c7d1d30dfb68627aa2dea30d76dcf0e) and extract the contents to the same folder as in step 1. Compare the archive's SHA256 against the value above before extracting it.
- Open an elevated command prompt in the directory containing the files extracted in steps 1 and 2 and run the following command: sysmon.exe -accepteula -i DSSysmonConfig.xml
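The three steps above, scripted in PowerShell as an added example (not part of the original page or of Deep Security); it must run in an elevated session, and the configuration archive URL is a placeholder because the page only links it as "here".

```powershell
# Added example: fetch Sysmon and the Deep Security configuration, verify the
# configuration archive against the SHA256 published on this page, then install.
$ErrorActionPreference = 'Stop'

$SysmonUrl    = 'https://download.sysinternals.com/files/Sysmon.zip'
$ConfigZipUrl = 'https://PLACEHOLDER.example/DSSysmonConfig.zip'   # replace with the page's "here" link
$ExpectedSha  = '2974c7a6403e395e4acd3b1b6103e41f0c7d1d30dfb68627aa2dea30d76dcf0e'
$WorkDir      = Join-Path $env:TEMP 'sysmon-install'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$sysmonZip = Join-Path $WorkDir 'Sysmon.zip'
$configZip = Join-Path $WorkDir 'DSSysmonConfig.zip'
Invoke-WebRequest -Uri $SysmonUrl    -OutFile $sysmonZip
Invoke-WebRequest -Uri $ConfigZipUrl -OutFile $configZip

# Refuse to continue if the configuration archive does not match the published hash.
# Get-FileHash returns uppercase hex; PowerShell's -ne compares case-insensitively.
$actualSha = (Get-FileHash -Algorithm SHA256 -Path $configZip).Hash
if ($actualSha -ne $ExpectedSha) {
    throw "DSSysmonConfig.zip hash mismatch: expected $ExpectedSha, got $actualSha"
}

Expand-Archive -Path $sysmonZip -DestinationPath $WorkDir -Force
Expand-Archive -Path $configZip -DestinationPath $WorkDir -Force

# Step 3 of the page: install the Sysmon service and driver with the Deep Security config.
& (Join-Path $WorkDir 'sysmon.exe') -accepteula -i (Join-Path $WorkDir 'DSSysmonConfig.xml')

# Confirm the service is running and events are reaching the log that the
# Log Inspection rules read from.
Get-Service -Name Sysmon | Select-Object Status, Name
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, ProviderName
```

If Get-WinEvent returns nothing right after installation, generate some activity (start a process) and re-run it before moving on to the Deep Security rule configuration.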
Configuring the Log Inspection Rules in Deep Security