Under Review

Sysmon logs investigation through Sophos XDR

Is it possible to enable Sysmon logging in Windows and then capture all logs to Sophos XDR and use it for threat detection?

  • Hi,

    Depending on what it is you're after, the logs which Sysmon generates already exist within the Windows Event Viewer, and are therefore queryable with XDR. It will largely be dependent on what audit level you have across your environment for the detections or investigation to be possible. Hope this helps.
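A quick way to check the point made in the reply, that Sysmon writes to a normal Windows event channel which an EDR/XDR agent can read, is to inspect that channel directly on a host before building any detections. The following PowerShell is an added example and is not code from the original thread or from Sophos; it assumes Sysmon is installed with its default channel name `Microsoft-Windows-Sysmon/Operational`, and the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the original post): confirm the Sysmon channel exists,
# show how much it retains, and summarise recent events by Event ID so you know
# what an XDR agent can actually see on this host.
# Assumes Sysmon's default channel name; $Hours is an arbitrary lookback window.

$LogName = 'Microsoft-Windows-Sysmon/Operational'
$Hours   = 24

# Does the channel exist and is it enabled? If not, nothing Sysmon-related
# will ever reach XDR from this host, whatever the audit level elsewhere.
$channel = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $channel) {
    Write-Warning "Channel '$LogName' not found: Sysmon is not installed or not logging here."
    return
}

"Channel: {0}  Enabled: {1}  Records: {2}  MaxSize: {3} MB" -f `
    $channel.LogName, $channel.IsEnabled, $channel.RecordCount,
    [math]::Round($channel.MaximumSizeInBytes / 1MB)

# Pull events from the last $Hours hours and count them per Event ID.
# Sysmon IDs of interest: 1 = process create, 3 = network connection, 11 = file create.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Show the most recent process-creation events (ID 1) with their command lines;
# this is the field set most threat-hunting queries are built on.
$events | Where-Object Id -eq 1 | Select-Object -First 5 | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    $xml.Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time        = $_.TimeCreated
        Image       = $data['Image']
        CommandLine = $data['CommandLine']
        ParentImage = $data['ParentImage']
    }
} | Format-List
```

If the per-ID summary is dominated by a single Event ID, or if IDs you expect (for example 3 for network connections) are absent, the Sysmon configuration on the host is filtering them out and XDR will never see them; the audit level the reply mentions is set in that Sysmon configuration, not in XDR.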