Security Utilities Flashcards
1
Q
Which capabilities are provided by Sysmon?
A
advanced system monitoring and event logging
2
Q
What kind of logs are captured by Sysmon?
A
process creations, network connections, file creations, registry modifications, driver loads
3
Q
What is the format in which Sysmon logs are generated, and why is it helpful?
A
in XML or CSV; this makes Sysmon logs compatible with SIEM and log management solutions, so organizations can forward Sysmon logs to a central repository for analysis and correlation with other security events