Sysmon in depth Documentation

JL 141 Reputation points
2022-08-23T08:45:50.917+00:00

Hello,

I was wondering whether there is any actual, throughout and in-depth documentation of Sysmon (ID's and its atributes) and sysmonconfig schema. Often I'm using the "Troubleshooting with the Windows Sysinternal tools" by Mark Russinovich and it is in great detail but very outdated. Can anyone give me some tip (forum, book, online material etc)

Many thanks

Windows Sysinternals
Windows Sysinternals
A website that offers technical information and advanced system utilities to manage, troubleshoot, and diagnose Windows systems and applications.
870 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. dstaulcu 346 Reputation points
    2022-08-23T22:45:15.767+00:00

    Windows Internals books likely touch on it.

    Otherwise most in depth and readily accessible document I know of can be found here:

    https://www.trustedsec.com/tools/trustedsec-sysmon-community-guide/

    2 people found this answer helpful.