There aren't enough (or any) good practical tutorials covering the Sysinternals suite. Definitely appreciate this
Thank you for dropping this! Definitely been searching for an updated video to learn about sysmon
This is golden! Keep up the good work! Next one should be with LimaCharlie
I have questions:
- Can you export the log to some centralized logging system with a better interface?
- The config file made the results easy to manage but does it mean sysmon didn't log those events or are they just hidden?
- Will there be more videos on Sysinternals programs? I really hope so!
I'm sure I'll have more questions once I watch this for the 15th time.
Amazing content thanks :)!
Quick question: what if you added a command that will delete all the logs? What will you still be able to see?
Sysmon is installed as a protected service, so it's somewhat tamper-resistant (to an extent), but it is definitely possible to clear the logs as an elevated user/with sufficient privileges. Clearing the logs will leave its own artifacts behind, though, like Security Event ID 1102, which shows that the logs were cleared. This is another reason why it's important to forward endpoint logs like this to a centralized logging server. :)
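The reply above points at the artifacts a defender should look for after a log wipe. The script below is an added example, not code from the video or from anyone in this thread: it checks the Sysmon service state, pulls Security Event ID 1102 (the record the reply mentions) with the account that triggered it, and also pulls System Event ID 104 from the Microsoft-Windows-Eventlog provider, which is the equivalent record written when a non-Security log such as the Sysmon Operational channel is cleared (a known Windows behaviour, not something stated in the thread). It assumes an elevated PowerShell 5.1 or later session on a host where Sysmon runs under its default service name (Sysmon or Sysmon64); the seven-day look-back is an arbitrary choice for the example.

```powershell
# Added example, not from the video or this comment thread: a defender-side check for the
# log-clearing artifacts described in the reply. Assumes an elevated PowerShell 5.1+ session
# on a host where Sysmon runs under its default service name (Sysmon or Sysmon64).
param(
    [int]$Days = 7   # look-back window; an assumption made for this example
)

$since = (Get-Date).AddDays(-$Days)

# 1. Sysmon service state. Sysmon installs as a protected service, but confirming it is
#    still present and running is the cheapest sanity check.
$svc = Get-Service -Name 'Sysmon*' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'No Sysmon service found on this host.'
} else {
    $svc | Select-Object Name, Status, StartType | Format-Table -AutoSize
}

# 2. Security Event ID 1102 ("The audit log was cleared"). Clearing the Security log leaves
#    this record in the newly emptied log, including the account that cleared it.
$auditCleared = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 1102
    StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($evt in $auditCleared) {
    # The 1102 payload sits under UserData/LogFileCleared in the event XML.
    $x = [xml]$evt.ToXml()
    [pscustomobject]@{
        Time    = $evt.TimeCreated
        Log     = 'Security'
        EventId = 1102
        Account = '{0}\{1}' -f $x.Event.UserData.LogFileCleared.SubjectDomainName,
                                 $x.Event.UserData.LogFileCleared.SubjectUserName
    }
}

# 3. System Event ID 104 from Microsoft-Windows-Eventlog: written when any other log,
#    including Microsoft-Windows-Sysmon/Operational, is cleared.
$otherCleared = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Eventlog'
    Id           = 104
    StartTime    = $since
} -ErrorAction SilentlyContinue

foreach ($evt in $otherCleared) {
    [pscustomobject]@{
        Time    = $evt.TimeCreated
        Log     = 'System'
        EventId = 104
        Account = $evt.UserId                      # SID of the account that cleared the log
        Detail  = ($evt.Message -split "`n")[0]    # first line names the cleared log
    }
}

# 4. Is Sysmon still writing, and how far back does its log actually reach? A log whose
#    oldest record is only minutes old on a host that has been up for days deserves a look.
$sysmonLog = 'Microsoft-Windows-Sysmon/Operational'
$newest = Get-WinEvent -LogName $sysmonLog -MaxEvents 1 -ErrorAction SilentlyContinue
$oldest = Get-WinEvent -LogName $sysmonLog -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
$boot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime

[pscustomobject]@{
    SysmonNewestEvent = if ($newest) { $newest.TimeCreated } else { $null }
    SysmonOldestEvent = if ($oldest) { $oldest.TimeCreated } else { $null }
    LastBoot          = $boot
    OldestAfterBoot   = if ($oldest) { $oldest.TimeCreated -gt $boot } else { $null }
}
```

Run it as `.\Check-LogClearing.ps1 -Days 30` (the file name is the example's own) to widen the window. The oldest-event check in step 4 is only a hint: a busy host with a small Sysmon log wraps around on its own, so a young oldest record is not proof of tampering. That limitation is exactly why the reply stresses forwarding: the same 1102 and 104 queries run against the collector's copy of the logs tell you what happened on the endpoint even if its local logs were emptied afterwards.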
I appreciate it, ma'am, you did a really good job making this video. Thank you for sharing your knowledge with us ❤
Thank you so much!
TCM ROCKS!!!!!!!!!
Interesting
Love sysmon, wrote a script for our NinjaRMM that deploys it for everyone!
First
Oh no I accidentally clicked a windows video. Get me out of here
First view, first comment 🤡