Has anyone had any luck ingesting Sysmon v5 Logs into the SIEM - if so, how?
I configured Sysmon on a test server and I see the logs in Applications and Services Logs --> Windows --> Sysmon --> Operational, but I can't seem to configure the receiver to pick these up.
I'd love to see a content pack for Sysmon logs as these are incredibly valuable.
Moved from Support Forums to Security Information and Event Management (SIEM) > Discussions for better exposure and assistance.
Yes. I found two solutions: changed the Data Source profile, but also created a custom parser, which was overkill.
Can you expand on that? What did you change the Data Source Profile to? Can you share your parsing rules?
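Before changing the receiver or Data Source profile, it is worth confirming on the Windows side that the channel the collector has to read is enabled and holding events, and seeing exactly which fields a custom parser would have to map. The script below is an added example, not part of this thread and not McAfee's own configuration or parser. It assumes Sysmon is installed and the account running it can read the Sysmon channel; the channel name Microsoft-Windows-Sysmon/Operational and event ID 1 (Process Create) are Sysmon's real values, while the ConvertFrom-SysmonEvent function is this example's own helper.

```powershell
# Added example: verify the Sysmon channel and flatten events into SIEM-style fields.
# Assumes Sysmon is installed and the caller can read the Operational channel.
$Channel = 'Microsoft-Windows-Sysmon/Operational'

# 1. Confirm the channel exists, is enabled, and contains records. A disabled
#    channel or a typo in the channel name is the usual reason a collector
#    configured for "Sysmon" sees nothing.
$log = Get-WinEvent -ListLog $Channel -ErrorAction Stop
"{0}: enabled={1} records={2} max={3} MB" -f $log.LogName, $log.IsEnabled,
    $log.RecordCount, [int]($log.MaximumSizeInBytes / 1MB)

# 2. Turn one Sysmon event into the flat name/value pairs a parser must map.
#    Sysmon is manifest-based, so every field lives in EventData as
#    <Data Name="...">value</Data>; the Name attribute is the field name.
function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    [xml]$x = $Event.ToXml()
    $fields = [ordered]@{
        EventID     = [int]$x.Event.System.EventID
        TimeCreated = $x.Event.System.TimeCreated.SystemTime
        Computer    = $x.Event.System.Computer
        RecordID    = $x.Event.System.EventRecordID
    }
    foreach ($d in $x.Event.EventData.Data) {
        # Empty <Data> elements yield $null, which is what a parser should expect.
        $fields[$d.Name] = $d.'#text'
    }
    [pscustomobject]$fields
}

# 3. Pull the most recent process-creation events (Sysmon event ID 1) and show
#    the fields a content pack would care about.
Get-WinEvent -FilterHashtable @{ LogName = $Channel; Id = 1 } -MaxEvents 5 |
    ForEach-Object { ConvertFrom-SysmonEvent $_ } |
    Select-Object TimeCreated, Computer, Image, CommandLine, ParentImage, Hashes |
    Format-List
```

If step 1 reports enabled=False or records=0, no receiver-side change will help until Sysmon is actually writing to the channel. The field names printed in step 3 (Image, CommandLine, ParentImage, Hashes, and so on) are the ones a custom parsing rule has to reference, and because they come from the Name attribute rather than from positional text, a parser keyed on those names is far less fragile than one matching on the rendered message string.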
Copyright © 2019 McAfee, LLC