-
-
Save nullbind/da995d81b1d8eea3ee5b601ee7f14542 to your computer and use it in GitHub Desktop.
Revisions
-
MHaggis revised this gist
Feb 11, 2022 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,6 +2,7 @@ <HashAlgorithms>md5,sha256</HashAlgorithms> <DnsLookup>False</DnsLookup> <CheckRevocation>False</CheckRevocation> <ArchiveDirectory>sysmon</ArchiveDirectory> <EventFiltering> <!--Event ID 1: Process creation--> <ProcessCreate onmatch="exclude"></ProcessCreate> -
Feb 11, 2022 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,7 @@ <Sysmon schemaversion="4.81"> <HashAlgorithms>md5,sha256</HashAlgorithms> <DnsLookup>False</DnsLookup> <CheckRevocation>False</CheckRevocation> <EventFiltering> <!--Event ID 1: Process creation--> <ProcessCreate onmatch="exclude"></ProcessCreate> -
Dec 17, 2021 . No changes.There are no files selected for viewing
-
Dec 17, 2021 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ <Sysmon schemaversion="4.81"> <HashAlgorithms>md5,sha256</HashAlgorithms> <EventFiltering> <!--Event ID 1: Process creation--> @@ -40,8 +40,8 @@ <FileDelete onmatch="exclude"></FileDelete> <!--Event ID 24: ClipboardChange (New content in the clipboard)--> <ClipboardChange onmatch="exclude"></ClipboardChange> <!--Event ID 25: ProcessTampering--> <ProcessTampering onmatch="exclude"></ProcessTampering> <!--Event ID 26: FileDeleteDetected --> <FileDeleteDetected onmatch="exclude"></FileDeleteDetected> </EventFiltering> -
Sep 3, 2021 . 1 changed file with 1 addition and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -43,7 +43,6 @@ <!--Event ID 25: ProcessTampering (Process image change)--> <ProcessTampering onmatch="exclude"></ProcessTampering> <!--Event ID 26: FileDeleteDetected --> <FileDeleteDetected onmatch="exclude"></FileDeleteDetected> </EventFiltering> </Sysmon> -
Sep 3, 2021 . 1 changed file with 4 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ <Sysmon schemaversion="4.60"> <HashAlgorithms>md5,sha256</HashAlgorithms> <EventFiltering> <!--Event ID 1: Process creation--> @@ -42,5 +42,8 @@ <ClipboardChange onmatch="exclude"></ClipboardChange> <!--Event ID 25: ProcessTampering (Process image change)--> <ProcessTampering onmatch="exclude"></ProcessTampering> <!--Event ID 26: FileDeleteDetected --> <FileDeleteDetected onmatch="exclude"> </FileDeleteDetected> </EventFiltering> </Sysmon> -
Sep 2, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,46 @@ <Sysmon schemaversion="4.50"> <HashAlgorithms>md5,sha256</HashAlgorithms> <EventFiltering> <!--Event ID 1: Process creation--> <ProcessCreate onmatch="exclude"></ProcessCreate> <!--Event ID 2: A process changed a file creation time--> <FileCreateTime onmatch="exclude"></FileCreateTime> <!--Event ID 3: Network connection--> <NetworkConnect onmatch="exclude"></NetworkConnect> <!--Event ID 5: Process terminated--> <ProcessTerminate onmatch="exclude"></ProcessTerminate> <!--Event ID 6: Driver loaded--> <DriverLoad onmatch="exclude"></DriverLoad> <!--Event ID 7: Image loaded--> <ImageLoad onmatch="exclude"></ImageLoad> <!--Event ID 8: CreateRemoteThread--> <CreateRemoteThread onmatch="exclude"></CreateRemoteThread> <!--Event ID 9: RawAccessRead--> <RawAccessRead onmatch="exclude"></RawAccessRead> <!--Event ID 10: ProcessAccess--> <ProcessAccess onmatch="exclude"></ProcessAccess> <!--Event ID 11: FileCreate--> <FileCreate onmatch="exclude"></FileCreate> <!--Event ID 12: RegistryEvent (Object create and delete)--> <!--Event ID 13: RegistryEvent (Value Set)--> <!--Event ID 14: RegistryEvent (Key and Value Rename)--> <RegistryEvent onmatch="exclude"></RegistryEvent> <!--Event ID 15: FileCreateStreamHash--> <FileCreateStreamHash onmatch="exclude"></FileCreateStreamHash> <!--Event ID 17: PipeEvent (Pipe Created)--> <!--Event ID 18: PipeEvent (Pipe Connected)--> <PipeEvent onmatch="exclude"></PipeEvent> <!--Event ID 19: WmiEvent (WmiEventFilter activity detected)--> <!--Event ID 20: WmiEvent (WmiEventConsumer activity detected)--> <!--Event ID 21: WmiEvent (WmiEventConsumerToFilter activity detected)--> <WmiEvent onmatch="exclude"></WmiEvent> <!--Event ID 22: DNSEvent (DNS query)--> <DnsQuery onmatch="exclude"></DnsQuery> <!--Event ID 23: FileDelete (A file delete was detected)--> <FileDelete onmatch="exclude"></FileDelete> <!--Event ID 24: ClipboardChange (New content in the clipboard)--> <ClipboardChange onmatch="exclude"></ClipboardChange> <!--Event ID 25: ProcessTampering (Process image change)--> <ProcessTampering onmatch="exclude"></ProcessTampering> </EventFiltering> </Sysmon>