Replies: 1 comment
-
This is not really how Sysmon works. Sysmon is a driver that generates telemetry which will end up in its own EVTX file.
I think you're looking more for a solution like Sigma together with a tool like Chainsaw to analyze it offline.
https://github.com/countercept/chainsaw
On Mon, 27 Jun 2022 at 06:12, sajid36 wrote:
> It would be great if we could run these sysmon-event detections and the MITRE mapping for offline analysis. Let's say we have collected a bunch of .evtx files and then run these sysmon rules to perform post-mortem analysis.
>
> Reply to this email directly, view it on GitHub <#138>, or unsubscribe.
--
https://olafhartong.nl
+31 6 20604042
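The offline flow the reply describes, in miniature, as an added example (not Chainsaw's code and not part of this repository): Sysmon events in the XML shape they carry inside the Sysmon EVTX channel, matched against a constructed Sigma-style rule whose tags carry the ATT&CK mapping. The rule, the field names it selects on and the sample events are all constructed for illustration; a real pipeline would read the .evtx files with Chainsaw or an EVTX parser instead of building XML strings.

```python
import xml.etree.ElementTree as ET
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed Sigma-style rule (a dict rather than YAML to stay stdlib-only).
# "Field|modifier" keys follow Sigma; list values are ORed, selection fields ANDed.
RULE = {
    "tags": ["attack.execution", "attack.t1059.001"],
    "selection": {
        "EventID": 1,
        "ParentImage|endswith": ["\\winword.exe", "\\excel.exe"],
        "Image|endswith": "\\powershell.exe",
        "CommandLine|contains": "-enc",
    },
}

def sysmon_xml(event_id, **data):  # constructed event in the XML shape Sysmon renders to EVTX
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f"<EventID>{event_id}</EventID></System><EventData>{body}</EventData></Event>")

SAMPLE_EVENTS = [  # constructed sample telemetry, not captured from a real host
    sysmon_xml(1, Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               CommandLine="powershell.exe -nop -enc BASE64PLACEHOLDER",
               ParentImage=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    sysmon_xml(1, Image=r"C:\Windows\System32\notepad.exe", CommandLine="notepad.exe",
               ParentImage=r"C:\Windows\explorer.exe"),
]
def parse_sysmon_event(xml_text):  # flatten one rendered event into {field: value}
    root = ET.fromstring(xml_text)
    fields = {"EventID": int(root.find("e:System/e:EventID", NS).text)}
    for d in root.findall("e:EventData/e:Data", NS):
        fields[d.get("Name")] = d.text or ""
    return fields
OPS = {"endswith": lambda v, w: v.endswith(w),  # Sigma string matching is case-insensitive
       "contains": lambda v, w: w in v, "": lambda v, w: v == w}  # "" = plain equality
def _field_matches(value, wanted, modifier):
    v = str(value).lower()
    candidates = wanted if isinstance(wanted, list) else [wanted]  # a list of values is an OR
    return any(OPS[modifier](v, str(w).lower()) for w in candidates)

def match_rule(rule, event):  # all selection fields must match (Sigma's implicit AND)
    for key, wanted in rule["selection"].items():
        field, _, modifier = key.partition("|")
        if field not in event or not _field_matches(event[field], wanted, modifier):
            return None
    return rule["tags"]  # the ATT&CK mapping travels with the rule

def hunt(rule, xml_events):  # offline pass over a batch: (index, tags) for each hit
    matches = (match_rule(rule, parse_sysmon_event(x)) for x in xml_events)
    return [(i, tags) for i, tags in enumerate(matches) if tags]
```

Chainsaw applies the same idea, Sigma rules plus a field mapping, to real .evtx files collected from a host.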
-
It would be great if we could run these sysmon-event detections and the MITRE mapping for offline analysis. Let's say we have collected a bunch of .evtx files and then run these sysmon rules to perform post-mortem analysis.