microsoft sysmon
March 22, 2023
Expression
product = "microsoft sysmon"
Fields
There are no fields for this extension.
Activity Types
| Activity Type | Field | Status | Core | Detection | Informational |
|---|---|---|---|---|---|
| alert-trigger | process_id | | | | |
| | thread_id | | | | |
| | process_guid | | | | |
| | process_name | Legacy | ✓ | | |
| | user_sid | | | | |
| | dest_host | Legacy | ✓ | | |
| | process_dir | | | | |
| | process_path | Legacy | ✓ | | |