
Sysmon Configuration Change

Severity: medium
Author: frack113
Source: upstream

Detects a Sysmon configuration change, which could be the result of a legitimate reconfiguration or of someone trying to manipulate the configuration.

Event coverage

Provider   Event ID   Title
Sysmon     16         ServiceConfigurationChange
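As an added illustration that is not part of this rule page or of the upstream Sigma rule, the following Python matcher applies the rule's selection (Sysmon provider, Event ID 16) to a handful of constructed event records. It assumes events have already been parsed into dictionaries with `Provider` and `EventID` keys; the sample hosts, timestamps, paths and hash are made up for the demonstration.

```python
# Added example (not the rule page's or the upstream Sigma rule's own code):
# a minimal matcher for the rule's selection, run over constructed Sysmon
# records. Field names follow the Sysmon event schema; the records are made up.
from typing import Any, Dict, Iterable, List

SYSMON_PROVIDER = "Microsoft-Windows-Sysmon"  # provider name as written in the Windows event log
CONFIG_CHANGE_EVENT_ID = 16                   # ServiceConfigurationChange (Event coverage table above)


def is_sysmon_config_change(event: Dict[str, Any]) -> bool:
    """Stage 1 'selection': the event comes from Sysmon and carries Event ID 16."""
    try:
        event_id = int(event.get("EventID", -1))
    except (TypeError, ValueError):
        return False
    return event.get("Provider") == SYSMON_PROVIDER and event_id == CONFIG_CHANGE_EVENT_ID


def find_config_changes(events: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return one alert record per matching event, carrying the fields a responder
    needs to decide whether the change was a legitimate reconfiguration."""
    alerts: List[Dict[str, Any]] = []
    for event in events:
        if not is_sysmon_config_change(event):
            continue
        alerts.append({
            "title": "Sysmon Configuration Change",
            "severity": "medium",
            "host": event.get("Computer"),
            "time": event.get("UtcTime"),
            # Sysmon Event ID 16 records the new configuration path and its file hash
            "configuration": event.get("Configuration"),
            "configuration_file_hash": event.get("ConfigurationFileHash"),
        })
    return alerts


# Constructed sample records (not real telemetry): one Sysmon process-create
# event, one Sysmon configuration change, and one non-Sysmon event that merely
# shares the number 16 as its Event ID.
SAMPLE_EVENTS = [
    {"Provider": SYSMON_PROVIDER, "EventID": 1, "Computer": "ws01.example.local",
     "UtcTime": "2024-01-01 10:00:00.000", "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"Provider": SYSMON_PROVIDER, "EventID": 16, "Computer": "ws01.example.local",
     "UtcTime": "2024-01-01 10:05:00.000",
     "Configuration": "C:\\Temp\\new-config.xml",
     "ConfigurationFileHash": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 16, "Computer": "ws01.example.local"},
]


if __name__ == "__main__":
    for alert in find_config_changes(SAMPLE_EVENTS):
        print(alert)
```

The third sample record is there to show why the provider must be checked together with the Event ID: in the Sigma rule that job is done by the logsource (product windows, service sysmon), so the selection itself only needs the Event ID. The configuration path and file hash in the alert are what let an analyst compare the change against an approved configuration before deciding it was benign.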

Stages and Predicates

Stage 1: selection