MODULE 05
Sysmon Deep Dive
Configuring and analyzing System Monitor logs for process creation and DNS queries.
Sysmon Event IDs
Sysmon provides detailed telemetry beyond standard Windows logs.
Event 1: Process Creation (with command line)
Event 3: Network Connection
Event 7: Image Loaded (DLL)
Event 22: DNS Query
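As an added example, not part of the module's own material: a small Python script that parses a constructed export of Sysmon events (in the Windows event XML shape that Get-WinEvent's ToXml() produces) and joins each Event 22 DNS query to the Event 1 record of the process that issued it, using ProcessGuid as the key. The sample events, GUIDs, image paths and query names are all constructed for illustration; a DNS query whose process has no Event 1 on record (process started before Sysmon, or filtered out of the config) is still reported, with its command line marked unknown.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records in the shape Sysmon writes to
# Microsoft-Windows-Sysmon/Operational, trimmed to the fields used here.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>1</EventID></System>
 <EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="CommandLine">powershell.exe -nop -w hidden -enc AAAA</Data>
  <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>22</EventID></System>
 <EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000001}</Data>
  <Data Name="QueryName">update.example.invalid</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>22</EventID></System>
 <EventData>
  <Data Name="ProcessGuid">{22222222-0000-0000-0000-000000000002}</Data>
  <Data Name="QueryName">www.example.com</Data>
  <Data Name="Image">C:\Program Files\Mozilla Firefox\firefox.exe</Data>
 </EventData></Event>
</Events>"""


def parse_sysmon_events(xml_text):
    """Return [(event_id, {field: value}), ...] for each <Event> in the export."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = int(ev.find("e:System/e:EventID", NS).text)
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        events.append((eid, data))
    return events


def correlate_dns_to_process(events):
    """Join each Event 22 (DNS query) to its Event 1 (process creation) on ProcessGuid.
    Queries with no matching Event 1 are kept, with command_line/parent_image = None."""
    procs = {d["ProcessGuid"]: d for eid, d in events if eid == 1}
    rows = []
    for d in (d for eid, d in events if eid == 22):
        proc = procs.get(d["ProcessGuid"])  # None when the process start was never logged
        rows.append({"query": d["QueryName"], "image": d.get("Image", ""),
                     "command_line": proc["CommandLine"] if proc else None,
                     "parent_image": proc["ParentImage"] if proc else None})
    return rows
```

Running the two functions over SAMPLE_EVENTS gives one row where the DNS query is tied back to a PowerShell command line spawned by WINWORD.EXE, and one row for the Firefox query whose Event 1 was never seen.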