https://sysmon.com.br/
Alarm event, access control and image management system
sysmonmaisqueumsistema
https://www.elastic.co/docs/reference/beats/winlogbeat/winlogbeat-module-sysmon
The sysmon module processes event log records from the Sysinternals System Monitor (Sysmon) which is a Windows service and device driver that logs system...
sysmonmodulebeats
https://www.elastic.co/docs/reference/beats/winlogbeat/exported-fields-sysmon
These are the event fields specific to the Sysmon module.
sysmonmodulefieldsbeats
https://www.elastic.co/docs/reference/security/prebuilt-rules/audit_policies/windows/sysmon_eventid11_file_create
Caution: Collecting Sysmon events without a tailored configuration for your environment will cause high data volume. These setup instructions would need...
event idsysmonfilecreateprebuilt