Source: Microsoft-Windows-Sysmon (30)
Categories
Clipboard changed (rule: ClipboardChange) (1)
CreateRemoteThread detected (rule: CreateRemoteThread) (1)
Dns query (rule: DnsQuery) (1)
Driver loaded (rule: DriverLoad) (1)
File Delete archived (1)
File Delete logged (1)
File created (rule: FileCreate) (1)
File creation time changed (rule: FileCreateTime) (1)
File stream created (rule: FileCreateStreamHash) (1)
Image loaded (rule: ImageLoad) (1)
Network connection detected (rule: NetworkConnect) (1)
Pipe Connected (rule: PipeEvent) (1)
Pipe Created (rule: PipeEvent) (1)
Process Create (rule: ProcessCreate) (1)
Process Tampering (rule: ProcessTampering) (1)
Process accessed (rule: ProcessAccess) (1)
Process terminated (rule: ProcessTerminate) (1)
RawAccessRead detected (rule: RawAccessRead) (1)
Registry object added or deleted (rule: RegistryEvent) (1)
Registry object renamed (1)
Registry value set (rule: RegistryEvent) (1)
Sysmon config state changed (1)
Sysmon service state changed (1)
WmiEventConsumer activity detected (1)
WmiEventConsumerToFilter activity detected (1)
WmiEventFilter activity detected (1)
Tags: Sysmon
All events
ID    Message
1     Process Create: RuleName: %1!s! UtcTime: %2!s! ProcessGuid: %3...
2     File creation time changed: RuleName: %1!s! UtcTime: %2!s! Pro...
3     Network connection detected: RuleName: %1!s! UtcTime: %2!s! Pr...
4     Sysmon service state changed: UtcTime: %1!s! State: %2!s! Vers...
5     Process terminated: RuleName: %1!s! UtcTime: %2!s! ProcessGuid...
6     Driver loaded: RuleName: %1!s! UtcTime: %2!s! ImageLoaded: %3!...
7     Image loaded: RuleName: %1!s! UtcTime: %2!s! ProcessGuid: %3!s...
8     CreateRemoteThread detected: RuleName: %1!s! UtcTime: %2!s! So...
9     RawAccessRead detected: RuleName: %1!s! UtcTime: %2!s! Process...
10    Process accessed: RuleName: %1!s! UtcTime: %2!s! SourceProcess...
11    File created: RuleName: %1!s! UtcTime: %2!s! ProcessGuid: %3!s...
12    Registry object added or deleted: RuleName: %1!s! EventType: %2!s! ...
13    Registry value set: RuleName: %1!s! EventType: %2!s! UtcTime: ...
14    Registry object renamed: RuleName: %1!s! EventType: %2!s! UtcT...
15    File stream created: RuleName: %1!s! UtcTime: %2!s! ProcessGui...
16    Sysmon config state changed: UtcTime: %1!s! Configuration: %2!s! ...
17    Pipe Created: RuleName: %1!s! EventType: %2!s! UtcTime: %3!s! ...
18    Pipe Connected: RuleName: %1!s! EventType: %2!s! UtcTime: %3!s...
19    WmiEventFilter activity detected: RuleName: %1!s! EventType: %2!s! ...
20    WmiEventConsumer activity detected: RuleName: %1!s! EventType: %2!s...
21    WmiEventConsumerToFilter activity detected: RuleName: %1!s! EventTy...
22    Dns query: RuleName: %1!s! UtcTime: %2!s! ProcessGuid: %3!s! ...
23    File Delete archived: RuleName: %1!s! UtcTime: %2!s! ProcessGu...
24    Clipboard changed: RuleName: %1!s! UtcTime: %2!s! ProcessGuid:...
25    Process Tampering: RuleName: %1!s! UtcTime: %2!s! ProcessGuid:...
26    File Delete logged: RuleName: %1!s! UtcTime: %2!s! ProcessGuid...
27    File Block Executable: RuleName: %1!s! UtcTime: %2!s! ProcessG...
28    File Block Shredding: RuleName: %1!s! UtcTime: %2!s! ProcessGu...
29    File Executable Detected: RuleName: %1!s! UtcTime: %2!s! Proce...
255   Error report: UtcTime: %1!s! ID: %2!s! Description: %3!s!