Sophos Endpoint

Live Response Sysmon logs investigation through Sophos XDR

Sophos Endpoint requires membership for participation - click to join

Complete

8 months ago

[Answered]

Sysmon logs investigation through Sophos XDR

Is it possible to enable sysmon logging in windows and then capture all logs to Sophos XDR and use it for threat detection?

JeramyKopacko over 1 year ago

Hi Bhinang Tejani

Depending on what it is you're after, the logs with sysmon generates already exist within the Windows Event Viewer, and therefore queryable with XDR. It will largely be dependent on what audit level you have across your environment for the detections or investigation to be possible. Hope this helps.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel