Sysmon Log Collection

@marco_botros1 That’s great news. So far everything’s looking good.

@dan_martin Hello, is there an update on where things stand today and the latest on future developments? What are all the Sysmon IDs being collected today and which ones will be collected in the near future? Thank you for your time.

Hi @pdominguez there are 3 additional events we are working on at the moment: EID 3, 10 and 13. They will be configured and collected automatically and sent to IDR (if you use the Rapid7-managed Sysmon service). We are currently working on the finishing touches for them.

EID 1, 8 and 25 are the ones being collected and ingested right now. This page contains more information about how this all works in general: Sysmon Installer and Events Monitor - how the Insight Agent implements these components for use with InsightIDR and MDR | Insight Agent Documentation
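The reply above lists which Sysmon Event IDs are forwarded today (1, 8, 25) and which are still in progress (3, 10, 13). A practical way to see what that means for your own telemetry is to parse a Sysmon log export and count how many events fall into each group. The script below is an added example, not code from the thread or from Rapid7; it assumes events in the standard Windows event XML schema (as produced by `wevtutil qe ... /f:xml`), and the sample events are constructed, not real telemetry.

```python
"""Classify Sysmon events by whether their Event ID is in a collected set.

Added example (not from the original thread). The Event IDs come from the
thread: 1, 8, 25 collected today; 3, 10, 13 in progress. The event type names
are Sysmon's own. The XML below is constructed sample data in the standard
Windows event schema.
"""
import xml.etree.ElementTree as ET
from collections import Counter

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}

# Collected now vs. in progress, per the thread.
COLLECTED_NOW = {1: "ProcessCreate", 8: "CreateRemoteThread", 25: "ProcessTampering"}
COLLECTED_SOON = {3: "NetworkConnect", 10: "ProcessAccess", 13: "RegistryEvent (SetValue)"}

# Constructed sample export: eight Sysmon events on one host. Event 11
# (FileCreate) is included on purpose as an ID outside both sets.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="DestinationPort">443</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>8</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="TargetImage">C:\\Windows\\explorer.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>10</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="TargetImage">C:\\Windows\\System32\\lsass.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>11</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="TargetFilename">C:\\Users\\Public\\dropped.tmp</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>13</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="TargetObject">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>25</EventID><Computer>ws01</Computer></System>
  <EventData><Data Name="Type">Image is replaced</Data></EventData>
</Event>
</Events>"""


def parse_events(xml_text: str) -> list[dict]:
    """Flatten Windows event XML into dicts: event_id, computer, plus EventData fields."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter(f"{{{EVENT_NS}}}Event"):
        eid = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        computer = ev.findtext("e:System/e:Computer", default="", namespaces=NS)
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        events.append({"event_id": eid, "computer": computer, **data})
    return events


def coverage_report(events: list[dict]) -> dict:
    """Count events per Event ID in three buckets: collected, pending, not_collected."""
    report = {"collected": Counter(), "pending": Counter(), "not_collected": Counter()}
    for ev in events:
        eid = ev["event_id"]
        if eid in COLLECTED_NOW:
            report["collected"][eid] += 1
        elif eid in COLLECTED_SOON:
            report["pending"][eid] += 1
        else:
            report["not_collected"][eid] += 1
    return report


def describe(report: dict) -> list[str]:
    """Human-readable lines; IDs outside both sets are the ones to review locally."""
    names = {**COLLECTED_NOW, **COLLECTED_SOON}
    lines = []
    for bucket in ("collected", "pending", "not_collected"):
        for eid, n in sorted(report[bucket].items()):
            lines.append(f"{bucket:14s} EID {eid:<3d} {names.get(eid, 'other'):28s} {n} event(s)")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(coverage_report(parse_events(SAMPLE_EVENTS)))))
```

Run against a real export (`wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml`, wrapped in a root element) and the `not_collected` bucket shows which of the events your Sysmon configuration generates would not reach the SIEM through the managed service, which is the gap to cover by another route or to weigh when tuning the config.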

Are there any plans for better visualization of sysmon data? Something like https://spyx.github.io/introduce-sysmongrahp/


Hey @dnagel, sorry for the late reply. Sadly, we do not have any plans for better visualization of the Sysmon data.