rochfo Super Contributor.

Sysmon

Hi,

Is it possible to consume sysmon events into Sentinel? I was looking at creating a provider to just get the events in, but there is no option to capture logs outside of the locations defined for the Windows Event log (Security, App, System, etc.). Is there a way to do this?

Thanks
rochfo Super Contributor.

Re: Sysmon

So I guess that's a no then?
Micro Focus Expert

Re: Sysmon

On 2018-10-12 16:36, rochfordp wrote:
>
> Hi,
>
> Is it possible to consume sysmon events into Sentinel? I was looking at
> creating a provider to just get the events in but there is no option to
> capture logs outside of the locations defined for the Windows Event log
> (Security, App, System etc). Is there a way to do this?


You could use a SmartConnector with any of the FlexConnectors from
Marketplace: https://marketplace.microfocus.com/arcsight/search?q=sysmon


--
Norbert
rochfo Super Contributor.

Re: Sysmon

Thanks Norbert,

It's not too clear how to use these with Sentinel. How do we integrate them with the Sentinel infrastructure? Do I download the Linux SmartConnector bin file and just install it on the Collector Manager I want to use?
ScorpionSting Absent Member.

Re: Sysmon

rochfordp;2491140 wrote:
Thanks Norbert,

It's not too clear how to use these with Sentinel. How do we integrate them with the Sentinel infrastructure? Do I download the Linux SmartConnector bin file and just install it on the Collector Manager I want to use?


You'll need to read the documentation about the best place to install for your needs, but then it'd connect to:

Collector Plug-in: Universal Common Event Format

Visit my Website for links to Cool Solution articles.
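The path described in Norbert's and ScorpionSting's replies is: Sysmon writes to its own event channel, an ArcSight SmartConnector running a Sysmon FlexConnector from the Marketplace turns those events into CEF, and Sentinel's Universal Common Event Format collector consumes them. What lands in Sentinel is therefore plain CEF, and it is worth seeing how such a line parses before trusting the field mapping. The parser below is an added example written for this page; it is not code from the thread, from Micro Focus, or from any Marketplace FlexConnector. The two sample syslog lines, the `Microsoft`/`Sysmon` vendor and product strings, the `cs1`/`cs2` custom-field mappings and the field names are constructed assumptions chosen to look like a Sysmon Event ID 1 (process create) and Event ID 3 (network connection); a real FlexConnector's mapping must be checked against its own documentation. The code handles the CEF escapes that usually break home-grown parsers (`\|` and `\\` in the header, `\=` in extension values, values containing spaces), folds `csNLabel`/`csN` pairs so the custom fields are addressable by name, and runs one detection over the result.

```python
"""Added example (not from the thread or Micro Focus): parse syslog-framed
CEF the way a SmartConnector emits it and Sentinel's Universal CEF
collector receives it, then run a simple Sysmon detection over the result.
All sample data, vendor/product strings and field mappings are CONSTRUCTED
assumptions, not the output of any real Marketplace FlexConnector."""
import re

# Constructed samples: Sysmon EID 1 (process create) and EID 3 (network
# connection) in RFC 3164 syslog framing. Note the CEF escapes: "\\" is a
# literal backslash, "\|" a pipe inside a header field, "\=" an equals
# sign inside an extension value.
SAMPLE_LINES = [
    r"<13>Oct 12 16:36:01 ws01 CEF:0|Microsoft|Sysmon|10.0|1|Process Create|5|"
    r"rt=Oct 12 2018 16:36:01 dvchost=ws01 suser=CORP\\alice "
    r"sproc=C:\\Windows\\System32\\cmd.exe "
    r"dproc=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    r"cs1Label=CommandLine cs1=powershell.exe -nop -w hidden -enc SQBFAFgA "
    r"cs2Label=Hashes cs2=SHA256\=AAAA1111 msg=Pipe\|and\=escapes",
    r"<13>Oct 12 16:36:05 ws01 CEF:0|Microsoft|Sysmon|10.0|3|Network Connection|3|"
    r"dvchost=ws01 sproc=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    r"src=10.0.0.5 spt=49812 dst=203.0.113.9 dpt=443 proto=tcp",
]

HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s(?P<host>\S+)\s(?P<cef>CEF:\d+\|.*)$")
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # a key only starts after whitespace
_ESC_RE = re.compile(r"\\(.)")


def split_cef_header(body):
    """Split the seven pipe-delimited header fields, honouring the \\| and
    \\\\ escapes. Returns (dict of header fields, remaining extension text)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("malformed CEF header: %r" % body[:60])
    return dict(zip(HEADER_FIELDS, fields)), body[i:]


def unescape_value(value):
    """Undo extension escapes in a single pass, so an escaped backslash
    followed by 'n' stays a backslash plus 'n' rather than a newline."""
    return _ESC_RE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Turn 'k1=v v k2=v' into a dict. Values may contain spaces; because a
    key must follow whitespace, 'SHA256\\=...' stays inside the cs2 value."""
    keys = list(_KEY_RE.finditer(ext))
    out = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = unescape_value(ext[m.end():end].strip())
    # Fold csNLabel/csN pairs so custom fields are addressable by their label.
    for key in [k for k in out if k.endswith("Label") and k[:-5] in out]:
        out[out.pop(key)] = out.pop(key[:-5])
    return out


def parse_line(line):
    """Parse one syslog-framed CEF line into a flat event dict."""
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog-framed CEF line: %r" % line[:60])
    header, ext = split_cef_header(m.group("cef")[len("CEF:"):])
    event = {"syslog_ts": m.group("ts"), "syslog_host": m.group("host")}
    event.update(header)
    event.update(parse_extension(ext))
    return event


def is_encoded_powershell(event):
    """Flag a Sysmon process-create (EID 1) that launches PowerShell with an
    encoded command or a hidden window, a common loader pattern."""
    if event.get("product") != "Sysmon" or event.get("signature_id") != "1":
        return False
    tokens = event.get("CommandLine", "").lower().split()
    if not tokens or "powershell" not in tokens[0]:
        return False
    encoded = any(t.startswith("-e") and "-encodedcommand".startswith(t) for t in tokens)
    return encoded or "hidden" in tokens


def triage(lines):
    """Parse every line; return (events, CommandLines the detection flagged)."""
    events = [parse_line(line) for line in lines]
    hits = [e["CommandLine"] for e in events if is_encoded_powershell(e)]
    return events, hits


if __name__ == "__main__":
    evs, flagged = triage(SAMPLE_LINES)
    for e in evs:
        print(e["signature_id"], e["name"], e.get("dproc") or e.get("dst"))
    print("flagged:", flagged)
```

Run it as-is to see the two parsed events and the flagged command line. To check a real connector's output, replace `SAMPLE_LINES` with lines captured from the syslog feed the SmartConnector sends to the Sentinel collector and confirm that `CommandLine`, `Hashes` and the process paths survive the escaping intact; a mapping that drops or truncates those fields will silently cripple any Sysmon-based detection.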