Showing results for 
Search instead for 
Did you mean: 

Sysmon v5 Logs

Has anyone had any luck ingesting Sysmon v5 Logs into the SIEM - if so, how?

I configured Sysmon on a test server and I see the logs in Applications and Service Logs --> Windows --> Sysmon --> Operational, but I can't seem to configure the receiver to pick these up.

I'd love to see a content pack for Sysmon logs as these are incredibly valuable.

3 Replies
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Sysmon v5 Logs

Moved from Support Forums to Security Information and Event Management (SIEM > Discussions

For better exposure and assistance.



McAfee Volunteer

Re: Sysmon v5 Logs

Yes. I found 2 solutions. Changed the Data Source profile, but also created a custom parser, which was over kill.

Re: Sysmon v5 Logs

Can you expand on that? What did you change the Data Source Profile to ? Can you share your parsing rules ?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community