Sysmon 11 released

Many SIEM installations use sysinternals sysmon as one of many data sources. Mark Russinovich (Microsoft Azure CTO, co-creator of sysinternals) released a video explaining some of the new features of Sysmon 11, which was released on 28th April.

A new useful feature is archiving a file, just before it is deleted. Some attackers delete their tools after gathering information. In order to understand their tools or even search for MD5 or imphashes, the sysmon 11 archiving function can be helpful.


(Source: https://www.youtube.com/watch?v=_MUP4tgdM7s)

No comments:

Post a Comment

Proxmox VM missing CPU Flag for MongoDB installation

Problem You want to install MongoDB, e.g. version 8.0, but it fails and you get warnings like e.g.: "Your CPU is no longer officially s...