Window's Logs on Steroids! SYSMON - Let's Deploy a Host Intrusion Detection System #10
Рет қаралды 11,676
Күн бұрын
@SoCyber-n5k 21 күн бұрын
You are good. The explanation is simple and straightforward
@Zeybek-n7z 2 жыл бұрын
Taylor, thank you so much! I love Wazuh, and I know many people complain and say Wazuh is a pain to manage, but that's what I love about Wazuh and its granularity that many of the big products don't offer. You are truly a master at your craft. Thanks again for these great videos.
@denisret5457 4 ай бұрын
Hello guys, why there is only the first Event which work for me ?
@yasser-cifer8175 2 ай бұрын
same issue , could you please tell me if you solve it and how
@ronaldratzlaff6672 9 ай бұрын
Hey Taylor, I followd this guide and I get some sysmon alerts in Wazuh (process creation and a few others), but for some reason the DNS query alert rule (101100) seems to not be working for me. I see the DNS queries in sysmon on the windows client, but they are not showing in the Wazuh dashboard. As mentioned, other sysmon alerts do show. Any ideas why that particular rule might fail?
@tommykohler1168 7 ай бұрын
Same problem here...have you solved the problem? If yes, could you please tell me how?
@2809kev 6 ай бұрын
@@tommykohler1168 did either of you figure this out?
@krishyadav6993 3 ай бұрын
It is not working because the rule ID is not defined correctly. Use the following rule: 61650 Sysmon - Event 22: DNS Query. no_full_log Hopefully, this will resolve the issue for the DNS query.
@krishyadav6993 3 ай бұрын
@@tommykohler1168 It is not working because the rule ID is not defined correctly. Use the following rule: 61650 Sysmon - Event 22: DNS Query. no_full_log Hopefully, this will resolve the issue for the DNS query.
@krishyadav6993 3 ай бұрын
@@2809kev It is not working because the rule ID is not defined correctly. Use the following rule: 61650 Sysmon - Event 22: DNS Query. no_full_log Hopefully, this will resolve the issue for the DNS query.
@pawelsmierciak2559 3 жыл бұрын
just one thing is missing here :) while running sysmon for the first time you need to add option -accepteula because it wont install and you wont get any error message :(
@taylorwalton_socfortress 3 жыл бұрын
Hey Pawel, thanks for pointing that out :). Command to be ran "sysmon -accepteula -i c:\windows\config.xml"
@khai-vq5hn 9 ай бұрын
is it possible that i ll be receiving logs in wazuh manger deploed locally on vmware workstation and windows 10 vm on azure
@khai-vq5hn 9 ай бұрын
i tried hell alot and nothing is working out
Taylor Walton
Рет қаралды 10 М.
Taylor Walton
Рет қаралды 6 М.
SANS Cyber Defense
Рет қаралды 3,9 М.
Black Hills Information Security
Рет қаралды 6 М.
Taylor Walton
Рет қаралды 6 М.
IppSec
Рет қаралды 35 М.
Taylor Walton
Рет қаралды 23 М.
Taylor Walton
Рет қаралды 7 М.
DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
DEFCONConference
Рет қаралды 148 М.
Super Tima
Рет қаралды 170 М.