TrustedSec Sysinternals Sysmon Community Guide
Latest commit 4cbb478, Feb 6, 2020, by darkoperator: Merge pull request #6 from SimplyRyan/patch-1 (Update install-and-configuration.md)
| Name | Latest commit message | Commit time |
|---|---|---|
| media | TS Logo | Jan 28, 2020 |
| README.md | Update README.md | Feb 5, 2020 |
| Sysmon.md | Files used for ebook format creation | Jan 30, 2020 |
| WMI-events.md | Update WMI-events.md | Jan 28, 2020 |
| cover.png | Files used for ebook format creation | Jan 30, 2020 |
| create-remote-thread.md | Fix typos Create Remote Thread | Jan 28, 2020 |
| dns-query.md | Fix typos in DNS Query | Jan 28, 2020 |
| driver-loading.md | Fix Typos in Driver Loading | Jan 28, 2020 |
| file-create-time-change.md | Fix typos in File Creation Time Change | Jan 28, 2020 |
| file-create.md | Fix typos in File Create | Jan 28, 2020 |
| file-stream-creation-hash.md | Fix typos in File Stream Creation Hash | Jan 28, 2020 |
| image-loading.md | Initial Commit | Jan 24, 2020 |
| install-and-configuration.md | Update install-and-configuration.md | Feb 6, 2020 |
| metadata.yml | Files used for ebook format creation | Jan 30, 2020 |
| named-pipes.md | Rename named-pipes-events.md to named-pipes.md | Feb 6, 2020 |
| network-connections.md | Fix typos for Network Connections | Jan 28, 2020 |
| operational-events.md | Fix Typos on Operational Events | Jan 28, 2020 |
| pandoc.css | Files used for ebook format creation | Jan 30, 2020 |
| process-access.md | Initial Commit | Jan 24, 2020 |
| process-creation.md | Initial Commit | Jan 24, 2020 |
| process-events.md | Initial Commit | Jan 24, 2020 |
| process-termination.md | Initial Commit | Jan 24, 2020 |
| raw-access-read.md | Fix Typos in Raw Access Read | Jan 28, 2020 |
| registry-actions.md | Rename registry-action.md to registry-actions.md | Feb 6, 2020 |
| sysmon-events.md | Initial Commit | Jan 24, 2020 |
| the-sysmon-driver.md | Typo Fixes - Driver | Jan 24, 2020 |
| what-is-sysmon.md | Fix formatting | Jan 24, 2020 |


TrustedSec Sysmon Community Guide

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Please attribute it to TrustedSec LLC.

You are free to:

Share — copy and redistribute the material in any medium or format.

Adapt — remix, transform, and build upon the material.

The authors encourage you to redistribute this content as widely as possible, but require that you give credit to the primary authors below, and that you notify us on GitHub of any improvements you make.

Table of Contents

Current State:

Microsoft Sysinternals Sysmon is an ever-changing piece of software that Microsoft provides free of charge to its users. As such, it is constantly being updated and new features are added. With regard to configurations, this guide tries to be as open as possible, since each environment is unique, and recommendations are given in terms of those constraints as much as possible. The guide is open source so that, as Sysmon evolves, the community can help expand and maintain it.

Contributing

Please use the issues system or GitHub pull requests to make corrections, contributions, and other changes to the text. We welcome your contributions!

Credits

This guide was originally written and edited by Carlos Perez of TrustedSec LLC.
