Help Me Understand This Level 12 Sysmon Rule

This page summarizes the projects mentioned and recommended in the original post on /r/Wazuh
Wazuh Sysmon Ossec security-tools Security

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sysmon

    Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)

    • Alright, I'm in the process of setting up wazuh for my organization. It's been working well with the default alerts it comes with. I wanted to try ingesting and alerting on sysmon logs so I added sysmon to a test endpoint (an IT workstation), added the necessary lines to ossec.conf, and added the ruleset mentioned here to the wazuh manager (local_rules.xml). Seems to be working, I see sysmon logs in wazuh and am now being overwhelmed by this level 12 alert...

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts