Window's Logs on Steroids! SYSMON - Let's Deploy a Host Intrusion Detection System #10
HTML-код
- Опубликовано: 5 сен 2024
- Join me as we install and configure Windows SYSMON tool. A Window's Event log collection module on steroids! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Link to previous video: • Capturing User Command...
Check us out: www.opensecure...
Interact with our demo: www.opensecure...
Hire us: www.opensecure...
Link to repo: github.com/Ope...
Taylor, thank you so much! I love Wazuh, and I know many people complain and say Wazuh is a pain to manage, but that's what I love about Wazuh and its granularity that many of the big products don't offer. You are truly a master at your craft. Thanks again for these great videos.
Hey Taylor,
I followd this guide and I get some sysmon alerts in Wazuh (process creation and a few others), but for some reason the DNS query alert rule (101100) seems to not be working for me. I see the DNS queries in sysmon on the windows client, but they are not showing in the Wazuh dashboard. As mentioned, other sysmon alerts do show. Any ideas why that particular rule might fail?
Same problem here...have you solved the problem? If yes, could you please tell me how?
@@tommykohler1168 did either of you figure this out?
just one thing is missing here :) while running sysmon for the first time you need to add option -accepteula because it wont install and you wont get any error message :(
Hey Pawel, thanks for pointing that out :). Command to be ran "sysmon -accepteula -i c:\windows\config.xml"
is it possible that i ll be receiving logs in wazuh manger deploed locally on vmware workstation and windows 10 vm on azure
i tried hell alot and nothing is working out