Sysmon and track deleted files on network share

Kania, Piotr 5 Reputation points
2023-09-13T13:37:19.58+00:00

Hello

I've tried to use sysmon ver 15 to track detectedfiledeletion events on network share (windows 2022). Files deleted from local pc by user - works fine. But with remote access to share - As user is local system (not real user name).
Is any way to gather also the correct user name?

Thanks !

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,151 questions
{count} vote

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.