System Monitor (Sysmon) is a Windows system service and device driver. Once installed on a system, it remains resident across system reboots. The task is to monitor system activity and log it in the Windows event log. The tool provides detailed information about process creation, network connections and file creation time changes.
By collecting and then analyzing the events generated by Windows Event Collection or SIEM agents, you can identify malicious or anomalous activity and understand how intruders and malware work on your network.
Sysmon V8.0 adds rule tagging, which results in tags appearing in event log entries they generate. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations.
Details & Download: Sysmon v8.0
This utility shows which programs are called or configured to run during system startup or logon and when various built-in Windows applications such as Internet Explorer, Explorer, and Media Player are started. These programs and drivers are located in the user's start folder, in the Run and RunOnce registry keys, and other registry keys. Autoruns displays Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, autostart services and much more.
Autoruns V13.90 now includes Runonce\*\\\\Depend key and GPO logon and logoff positions. The new version corrects an error when parsing WMI paths
Details &Download: Autoruns 13.90
Thanks to @PhantomofMobile for the Tweet.
Cookies helps to fund this blog: Cookie settings