Sysmon and Windows Event Forwarding workshop
•
0 likes•197 views
EventCombMT is a highly-configurable tool that writes system events to the Windows Event Log. It is part of the Sysinternals suite and is under active development. EventCombMT is useful for security, support, and IT teams to monitor system activity through the Windows Event Log. It allows filtering of event log entries through configurable rule groups.
Report
Share
Sysmon and Windows Event Forwarding workshop
- 2. 2
- 3. 3
- 4. 4
- 5. ✔A highly-configurable service that writes system events to the Windows Event Log ✔Part of the Sysinternals suite and under active development ✔An excellent tool for Security, Support, and IT teams 5
- 6. 6
- 7. 7
- 8. 8
- 9. ❌An alternative to antivirus ❌A log analysis tool ❌An alternative to Security/Support/ IT teams 9
- 10. 10
- 11. 11
- 12. 12
- 13. 13
- 14. 14
- 15. 15
- 16. 16
- 17. 17
- 18. 18
- 19. 19
- 20. 20
- 21. 21
- 22. 22
- 23. 23
- 24. 24
- 25. 25
- 26. 26
- 27. 27
- 28. 28
- 29. 29
- 30. 30
- 31. 31
- 33. 33
- 34. 34 <RuleGroup name="" groupRelation=“or"> <ProcessCreate onmatch="include"> … </ProcessCreate> </RuleGroup> <RuleGroup name="" groupRelation=“or"> <ProcessCreate onmatch=“exclude"> … </ProcessCreate> </RuleGroup>
- 35. 35 is is not contains excludes begin with end with less than more than image
- 36. 36
- 37. 37 <RuleGroup name="" groupRelation="or"> <FileCreateTime onmatch="exclude"> … <Image condition="end with">AppDataLocalProgramsMicrosoft VS CodeCode.exe</Image> </FileCreateTime> </RuleGroup>
- 38. 38
- 39. 39
- 40. 40
- 41. 41
- 42. 42
- 43. 43
- 44. 44
- 45. 45
- 46. 46
- 47. 47
- 48. 48
- 49. 49
- 50. 50
- 51. 51
- 52. 52
- 53. 53
- 54. 54
- 55. 55
- 56. 56
- 57. 57
- 58. 58
- 59. 59
- 60. 60
- 61. 61
- 62. 62
- 63. 63
- 64. 64
- 65. 65