Please keep just a simple snippet in the README (or in the inline comments), to understand when the conditions are being OR-ed & when they are being AND-ed.
Example: https://pastebin.com/MdR8KGcs
(the text in the angle brackets was not showing up, so I pasted the query at pastebin - simple ASCII)
I did some testing, but can't get this to work:
If I want to log only network connection events when the destination port is 80 or 443 and the originating process is chrome.exe, how do I do that?
@gwsales Thank you! I was wondering if I was the only person who was seeing that (I certainly know I'm not, but then why does the developer say that the AND condition works on the official Sysmon download page?)
Tons of infosec people are using Sysmon, and this config is called out everywhere as a reference guide. Requesting the author (or any of the experienced community leaders) to please help clarify this one seemingly simple & basic question.
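
One way to express the filter asked about above, as an added example that is not from this thread or from the config's author. It assumes a Sysmon release whose schema supports `RuleGroup` and nested `Rule` elements with a `groupRelation` attribute; the `schemaversion` value and the rule names are placeholders.

```xml
<!-- Added example, not part of the project's config.
     schemaversion is an assumed placeholder: use the value your installed
     binary reports with "sysmon -s". -->
<Sysmon schemaversion="4.22">
  <EventFiltering>
    <!-- groupRelation="or" on the RuleGroup: an event is logged if ANY
         Rule inside the include block matches. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">

        <!-- groupRelation="and" on a Rule: EVERY condition inside it must
             hold for the same event. -->
        <Rule name="chrome-port-80" groupRelation="and">
          <Image condition="end with">\chrome.exe</Image>
          <DestinationPort condition="is">80</DestinationPort>
        </Rule>

        <!-- The two ports live in separate Rules. Putting both
             DestinationPort conditions in one "and" Rule would require a
             single connection to have port 80 AND port 443, which never
             matches. -->
        <Rule name="chrome-port-443" groupRelation="and">
          <Image condition="end with">\chrome.exe</Image>
          <DestinationPort condition="is">443</DestinationPort>
        </Rule>

      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

After loading a config like this, generate one Chrome connection and one non-Chrome connection to port 443 and confirm that only the first produces Event ID 3 with the expected `RuleName`.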