System Monitor (Sysmon) 1.01-new release


Rus Anca (thread author), Jun 18, 2014
Download page: http://www.softpedia.com/get/System/System-Info/Sysmon-Sysinternals.shtml

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.

Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers.

"Sysmon is a complex and reliable software utility which was developed to function only from Command Prompt, as it does not feature a Graphical User Interface.

The main purpose of the program resides in helping you monitor and capture your system activity to the Windows event log, so you can determine if there is anything out of place on your computer.

Purpose and functionality

Sysmon works as a Windows service as well as a device driver, tracking various actions on your system, for instance the network connections, changes to the files’ creation times, process creation and other relevant details.

However, the utility does not provide interpretation abilities, so the gathered information will need to be analyzed separately, by you.

Install and configure your system monitoring service

In order to install the tool on your PC, you need to open a CMD window and drop the EXE file onto it, after which you can type the '-i [-h [sha1|md5|sha256]] [-n]' command and hit Enter, allowing it to go through all its paces.

Once complete, you can begin configuring Sysmon, using a series of arguments, depending on what you wish to do with it. Some of its capabilities include recording the hash of process image files in MD5, SHA256 or SHA1, the last of which is used by default.

Moreover, it can log network connection details, namely the source process, the IP address, the hostnames and the port numbers. By analyzing the gathered data, you can determine whether anything suspicious occurs on your computer, being able to figure out if there are any intruders on your network.

A reliable instrument for tracking and logging your system’s activity

To sum it up, Sysmon is a comprehensive and efficient CMD tool, aimed mainly at advanced individuals, enabling you to monitor system activity and identify the occurrence of anomalous behavior"

Source: http://www.softpedia.com, written by Marina Dan
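The install and configure steps quoted above, carried through as an added example that is not part of the original post or of Sysinternals' own documentation: it installs Sysmon with the '-i', '-h' and '-n' switches the post lists and then reads the resulting events back out of the event log so the "analyze it yourself" part has somewhere to start. It assumes Sysmon.exe is in the current directory, the shell is elevated, and the EventData field names shown (Image, CommandLine, DestinationIp, DestinationPort), which vary somewhat between Sysmon releases.

```powershell
# Added example, not code from the post or from Sysinternals.
# Assumes: Sysmon.exe in the current directory, elevated PowerShell.

# -i installs the service and driver, -h picks the hash algorithm for process
# images (sha1 is the default; sha256 chosen here), -n enables network logging.
# -accepteula is the standard Sysinternals switch that skips the licence prompt.
.\Sysmon.exe -accepteula -i -h sha256 -n

# Sysmon writes to its own channel. Event ID 1 = process creation,
# 2 = file creation time changed, 3 = network connection.
$log = 'Microsoft-Windows-Sysmon/Operational'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1, 2, 3 } -MaxEvents 500

# Turn one event's XML <Data Name="..."> elements into a hashtable so the
# fields can be addressed by name regardless of their order in the record.
function Get-SysmonData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $x = [xml]$Event.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    return $d
}

# How much of each event type the host is producing (a quick sanity check
# that -n actually took effect: you should see ID 3 entries).
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize

# Process creations: what ran and with which command line (field names assumed).
$events | Where-Object Id -eq 1 | ForEach-Object {
    $d = Get-SysmonData $_
    [pscustomobject]@{ Time = $_.TimeCreated; Image = $d.Image; CommandLine = $d.CommandLine }
} | Format-Table -AutoSize -Wrap

# Network connections: which process talked to which destination, counted,
# so an unexpected destination stands out in the list (field names assumed).
$events | Where-Object Id -eq 3 | ForEach-Object {
    $d = Get-SysmonData $_
    [pscustomobject]@{ Image = $d.Image; Dest = "$($d.DestinationIp):$($d.DestinationPort)" }
} | Group-Object Image, Dest | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run the query part again after normal use for a while; the per-process destination list is the cheapest baseline to compare against later.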
