Tag: Sysmon

TryHackMe Sysmon Write-Up

We will be doing the Sysmon room this time. I don’t know about Sysmon too much except that it’s usually running in the background and helps log events for us, similar to Windows Event Manager. I believe it is a bit more comprehensive in its logging, which is why it’s usef...

List of Sysmon Event IDs for Threat Hunting

List of Sysmon Event IDs: Event ID 1: Process creation The process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event...