3 Replies Latest reply on Nov 24, 2016 7:27 AM by anton2016

    Sysmon v5 Logs

    anton2016

      Has anyone had any luck ingesting Sysmon v5 Logs into the SIEM - if so, how?

      I configured Sysmon on a test server and I see the logs in Applications and Service Logs --> Windows --> Sysmon --> Operational, but I can't seem to configure the receiver to pick these up.

      I'd love to see a content pack for Sysmon logs as these are incredibly valuable.