Forum Discussion
m0l0ch
Mar 14, 2019 Copper Contributor
How to add 'Microsoft-Windows-Sysmon' events to table 'SysmonEvent'?
Hi everyone. How to add 'Microsoft-Windows-Sysmon' events to table 'SysmonEvent'? I've tried to set it up in my env w/ Win10, but Sysmon logs are collected to the 'Events' table only. What did I do wrong? E...
PeterSchawacker
Mar 31, 2019 Brass Contributor
m0l0ch I'm having a similar problem. I think I got a little farther than you might have, but now I'm seeing Sysmon events in the wrong table, or at least I think it's the wrong table.
Instead of appearing in the Security/Sysmon table, I get them in the Log Management/Event table. Maybe I configured the Data settings incorrectly (see below), but...
Where I expected to see Sysmon events, but don't...
My Windows Event Logs Data settings...
- Valon_Kolica Apr 01, 2019 Microsoft