Does it require Sysmon...? #112

Open
Logeshrathinakumar opened this issue Mar 21, 2023 · 1 comment

Comments

@Logeshrathinakumar

Hello Team,

Just want to know whether hunting with this app requires Sysmon logs, or whether it can work directly on Windows logs...?

Thanks in Advance...

@dstaulcu
Contributor

Take a look at the .\default\savedsearches.conf file to start to gain an understanding for yourself.
A quick review on my instances shows 151 scheduled searches with 142 of those referencing sysmon output. 82 of the 151 searches reference output from either sysmon or wineventlog. I haven't taken a close look at whether whitelist management dashboards support anything but sysmon effectively.
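To reproduce the kind of tally dstaulcu describes, here is an added Python example (not part of the issue thread or the app itself) that parses a small constructed savedsearches.conf and counts scheduled searches by the Windows log source their SPL references. The stanza layout and the enableSched and search keys follow Splunk's conf format; the sample search names and SPL are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample of a Splunk savedsearches.conf (not the app's real file):
# each [stanza] is one saved search; enableSched = 1 marks a scheduled one.
SAMPLE_CONF = """
[ThreatHunting - Process Created]
enableSched = 1
search = index=* source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1

[ThreatHunting - Logon Success]
enableSched = 1
search = index=* source="WinEventLog:Security" EventCode=4624

[ThreatHunting - Sysmon or Security]
enableSched = 1
search = index=* (source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" OR source="WinEventLog:Security")

[Lookup Generator]
enableSched = 0
search = | inputlookup whitelist.csv
"""

STANZA_RE = re.compile(r"^\[(.+)\]\s*$")

def parse_savedsearches(text):
    """Parse conf text into {stanza_name: {key: value}}; '#' lines are skipped."""
    stanzas, current = {}, None
    for line in text.splitlines():
        m = STANZA_RE.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return stanzas

def classify_sources(stanzas):
    """Count scheduled searches by whether their SPL references Sysmon,
    a non-Sysmon WinEventLog channel, or Sysmon alone."""
    counts = Counter()
    for keys in stanzas.values():
        if keys.get("enableSched", "0") != "1":
            continue
        spl = keys.get("search", "").lower()
        uses_sysmon = "sysmon" in spl
        # 'wineventlog:' also appears inside the XmlWinEventLog Sysmon path, so
        # exclude that channel to count only classic Windows event log sources.
        uses_winevt = bool(re.search(r"wineventlog:(?!microsoft-windows-sysmon)", spl))
        counts["scheduled"] += 1
        counts["sysmon"] += int(uses_sysmon)
        counts["wineventlog"] += int(uses_winevt)
        counts["sysmon_only"] += int(uses_sysmon and not uses_winevt)
    return counts
```

Run it against a real app's default/savedsearches.conf to see how many hunts would go dark without Sysmon on the endpoints.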
