Sysmon for Linux

Installing Sysmon for Linux

Sysmon for Linux 1.0.0 banner screen
Sysmon -c output, partial schema export
Event ID | Description
1        | Process Creation
3        | Network Connect
5        | Process Terminate
9        | RAW access read
11       | File Create / Overwrite
16       | Sysmon config change
23       | File Delete

Configuration

Example very basic sysmon configuration

Logging

Log entry example in /var/log/syslog
Process creation event sample
Network connect event sample
Process termination event sample
Process access event sample
Sysmon config change event sample
File Delete event sample

FalconForce | DFIR | Threat hunter | Data Dweller | Sysmon | Microsoft MVP

Olaf Hartong