Sysmon

https://tryhackme.com/room/sysmon

Sysmon refers to System Monitor, which is a Windows system service and device driver developed by Microsoft that is designed to monitor and log various events happening within a Windows system.

Filter by Event ID: */System/EventID=<ID>

Filter by XML Attribute/Name: */EventData/Data[@Name="<XML Attribute/Name>"]

Filter by Event Data: */EventData/Data=<Data>

PreviousWindows NextCisco Networking Academy

Last updated 1 month ago