Security Utilities Flashcards

1
Q

Which capabilities are provided by Sysmon?

A

advanced system monitoring and event logging

2
Q

What kind of logs are captured by Sysmon?

A

process creations, network connections, file creations, registry modifications, driver loads

3
Q

What is the format in which Sysmon logs are generated and why is it helpful?

A

in XML or CSV - makes it compatible with SIEM and log management solutions; organizations can forward Sysmon logs to a central repository for analysis and correlation with other security events
