Nov 03 2021 02:29 PM
I'm trying to get a list of boxes that have Sysmon running on them.
Any reason this won't work?
DeviceFileEvents
| where FolderPath contains @"\Windows\System32\winevt\Logs"
| where FileName contains @"Sysmon"
| project DeviceName, FolderPath
| limit 100
Thanks!
Nov 04 2021 08:00 AM