Sysmon Logs
Overview
Evidence: Sysmon Logs
Description: Collect Sysmon Logs.
Category: System
Platform: linux
Short Name: sysmon
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Sysmon for Linux is a security monitoring tool that provides detailed information about system activity including process creation, network connections, and file system changes. It generates comprehensive logs that are essential for threat detection, incident response, and security analysis on Linux systems.
Data Collected
This collector gathers structured data about Sysmon logs. Each parsed record carries the fields below.
Sysmon Logs Data

Field        Display name   Example value
FilePath     File Path      Example value
Name         Name           Example value
Size         Size           123.45
SourcePath   Source Path    Example value
Collection Method
This collector parses Sysmon logs from /var/log/syslog and extracts structured event data. It processes Sysmon-specific log entries and converts them into a structured format for analysis.
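As an added illustration of that parsing step (example code written for this page, not the collector's own implementation), the snippet below flattens Sysmon for Linux syslog lines into dicts and skips lines that are not Sysmon events or whose XML is truncated. The syslog excerpt is constructed; the hash and destination address are placeholders, and the per-event keys are simply the Data Name attributes Sysmon itself writes.

```python
import re
import xml.etree.ElementTree as ET

# Sysmon for Linux hands each event to syslog as one line: the syslog prefix, the
# "sysmon:" tag, then the event as XML (<System> block plus <Data Name="..."> items).
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sysmon(?:\[\d+\])?: (?P<xml>.*)$")

def parse_sysmon_line(line):
    """Flatten one syslog line into a dict; None unless it is a well-formed Sysmon event."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None  # another daemon's line: not Sysmon evidence
    try:
        root = ET.fromstring(m.group("xml"))
    except ET.ParseError:
        return None  # truncated or corrupted event: skip rather than guess
    system = root.find("System")
    event_id = system.findtext("EventID") if system is not None else None
    if event_id is None:
        return None
    created = system.find("TimeCreated")
    event = {"host": m.group("host"), "event_id": int(event_id),
             "utc_time": created.get("SystemTime") if created is not None else None}
    for data in root.iterfind("EventData/Data"):
        event[data.get("Name")] = data.text or ""
    return event

def split_hashes(value):
    """Turn Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: hex}."""
    return dict(part.split("=", 1) for part in value.split(",") if "=" in part)

def parse_syslog(lines):
    """Keep, in file order, only the lines that parse as Sysmon events."""
    return [e for e in map(parse_sysmon_line, lines) if e is not None]

# Constructed /var/log/syslog excerpt (hash and address are placeholders): an unrelated
# line, a process-create event (ID 1), a network-connect event (ID 3), a cut-off event.
SAMPLE_SYSLOG = [
    "Apr 12 10:00:01 host1 systemd[1]: Started Session 5 of user root.",
    'Apr 12 10:00:02 host1 sysmon: <Event><System><EventID>1</EventID><TimeCreated '
    'SystemTime="2024-04-12T10:00:02.000Z"/></System><EventData><Data Name="Image">/usr/bin/curl'
    '</Data><Data Name="ParentImage">/bin/bash</Data><Data Name="Hashes">SHA256=cafef00d</Data></EventData></Event>',
    'Apr 12 10:00:03 host1 sysmon: <Event><System><EventID>3</EventID><TimeCreated '
    'SystemTime="2024-04-12T10:00:03.000Z"/></System><EventData><Data Name="Image">/usr/bin/curl'
    '</Data><Data Name="DestinationIp">203.0.113.10</Data><Data Name="DestinationPort">80</Data></EventData></Event>',
    "Apr 12 10:00:04 host1 sysmon: <Event><System><EventID>1</EventID>",
]
```

Running `parse_syslog(SAMPLE_SYSLOG)` yields two events; the systemd line and the truncated event are dropped rather than producing half-filled records.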
Forensic Value
Sysmon logs are invaluable for forensic investigations as they provide detailed system activity timelines including process creation with hashes, network connections, file modifications, and other security-relevant events. This data helps investigators reconstruct attack sequences, identify malicious activities, track lateral movement, and understand the full scope of security incidents on Linux systems.