Replies: 1 comment
This is not really how Sysmon works. Sysmon is a driver that generates
telemetry which will end up in its own EVTX file.
I think you're looking more for a solution like Sigma together with a tool
like Chainsaw to analyze it offline.
https://github.com/countercept/chainsaw
On Mon, 27 Jun 2022 at 06:12, sajid36 ***@***.***> wrote:
It would be great if we could run these sysmon-event detection and
MITRE-mapping for offline analysis. Let's say we have collected a bunch of
.evtx files and then run these sysmon rules to perform post-mortem analysis.
--
https://olafhartong.nl
+31 6 20604042
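As an added illustration of the offline workflow suggested in the reply above (this is not code from the sysmon-modular project, from Chainsaw, or from either poster): a minimal Sigma-style matcher run over Sysmon ProcessCreate events that have been exported from the EVTX channel as XML. The two events, the rule, its ATT&CK tags and the logsource-to-EventID table are constructed for the example; the matcher handles only `condition: selection` with the `contains`, `startswith` and `endswith` modifiers, which is a small subset of what Sigma and Chainsaw support.

```python
import xml.etree.ElementTree as ET
from typing import Any, Dict, List

# Namespace used by Windows event XML, including exports of Microsoft-Windows-Sysmon/Operational.
EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: two Sysmon EventID 1 (ProcessCreate) events, wrapped in a root
# element so one document can hold several. A real export carries many more <Data> fields.
SAMPLE_EVENTS_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <TimeCreated SystemTime="2022-06-27T06:12:00.000Z"/></System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgA</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <TimeCreated SystemTime="2022-06-27T06:13:00.000Z"/></System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe report.txt</Data>
  </EventData>
</Event>
</Events>"""

# Constructed Sigma-style rule; the tags carry the MITRE ATT&CK mapping.
RULE = {
    "title": "Encoded PowerShell command line (example rule)",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-encodedcommand "],
        },
        "condition": "selection",
    },
}

# Sigma logsource categories correspond to Sysmon event IDs; only the one used here is listed.
LOGSOURCE_TO_EVENTID = {"process_creation": "1"}


def parse_events(xml_text: str) -> List[Dict[str, str]]:
    """Flatten each <Event> into a dict holding EventID, UtcTime and every EventData field."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter("{%s}Event" % EVT_NS["e"]):
        rec = {
            "EventID": ev.findtext("e:System/e:EventID", default="", namespaces=EVT_NS),
            "UtcTime": ev.find("e:System/e:TimeCreated", EVT_NS).get("SystemTime", ""),
        }
        for data in ev.findall("e:EventData/e:Data", EVT_NS):
            rec[data.get("Name", "")] = data.text or ""
        events.append(rec)
    return events


def value_matches(actual: str, modifier: str, expected: str) -> bool:
    """Sigma string matching is case-insensitive; three common modifiers are supported."""
    a, e = actual.lower(), expected.lower()
    if modifier == "contains":
        return e in a
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "startswith":
        return a.startswith(e)
    return a == e  # no modifier: exact (case-insensitive) match


def selection_matches(event: Dict[str, str], selection: Dict[str, Any]) -> bool:
    """Every field in a selection must match (AND); a list of values for one field is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(value_matches(event.get(field, ""), modifier, str(v)) for v in values):
            return False
    return True


def hunt(events: List[Dict[str, str]], rule: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one hit per matching event, tagged with the rule's ATT&CK technique IDs."""
    detection = rule["detection"]
    if detection["condition"] != "selection":
        raise NotImplementedError("only 'condition: selection' is handled in this example")
    wanted_id = LOGSOURCE_TO_EVENTID[rule["logsource"]["category"]]
    hits = []
    for ev in events:
        if ev["EventID"] == wanted_id and selection_matches(ev, detection["selection"]):
            hits.append({
                "time": ev["UtcTime"],
                "rule": rule["title"],
                "image": ev.get("Image", ""),
                "attack": [t for t in rule["tags"] if t.startswith("attack.t")],
            })
    return hits


def hunt_sample() -> List[Dict[str, Any]]:
    return hunt(parse_events(SAMPLE_EVENTS_XML), RULE)


if __name__ == "__main__":
    for hit in hunt_sample():
        print(hit)
```

Events in this XML shape can be produced on a live host with `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml`; for collected .evtx files and the full Sigma grammar, Chainsaw with a Sigma rule set and its Sysmon field mapping is the practical choice, as the reply says.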
It would be great if we could run these sysmon-event detection and MITRE-mapping for offline analysis. Let's say we have collected a bunch of .evtx files and then run these sysmon rules to perform post-mortem analysis.