Event ID 16

Sysmon configuration change
Source:
Microsoft-Windows-Sysmon
Category:
Sysmon config state changed
Sysmon config state changed:
    UtcTime: %1!s!
    Configuration: %2!s!
    ConfigurationFileHash: %3!s!


This event logs changes in the Sysmon configuration - for example when the filtering rules are updated.


LEFT/RIGHT arrow keys for navigation

Back to List