2026-03-27 21:47:47 UTC

SwiftOnSecurity on Nostr: The full story of sysmon-config, the first (to my awareness) open source HIDS ...

The full story of sysmon-config, the first (to my awareness) open source HIDS monitoring solution, which I've neglected but others have picked up the mantle, is something I would like to tell.

It was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.

It turns out the sensitive modifications that screw things up kind of include the malware ones.