Sysmon Playbook Event ID 3

Sysmon Event ID: 3. Sysmon Event Title: Network Connection Detected. Network Connection Attributes: When any machine with Sysmon installed makes a network connection, many details about that connection are captured and logged under Event ID 3. We will briefly discuss all the fields captured under Event ID 3. RuleName: %1!s! […]

SYSMON Playbook – Event ID 1

By default, Windows records most of the activity happening on the OS in the Windows event logs, which can be viewed in Windows Event Viewer. However, Sysmon is much better when it comes to providing visibility into activity related to process execution. Sysmon is a great tool which is used to monitor the system and log […]

Sysmon Playbook Event ID 15

When a file is downloaded from the internet, it is saved to the local system. File streams are recorded by this event ID when the file is being downloaded, mostly from a web browser. As evident in the picture, we can see that the Image is Chrome.exe and the Target File Name is the Mimikatz file. It is pertinent […]