ssi0202
I'm looking into the Sigma stuff. This presentation from SANS is really good, by the way: https://www.youtube.com/watch?v=PdCQChYrxXg
@SMAPPER I totally agree with your request here. From reading your input I get the idea that you may have a filebeat/vector.dev config that solves this with parsing perhaps already?...
@juju4 will the solution you mention result in the file being pure XML-formatted log data? The reason I ask is that I'm looking at how one can ship...
There is always a way, but seeing I'm a security dude and all, I try to keep the amount of shadow IT I create to a minimum. Thanks for getting back...
Hey Olaf, I honestly thought this was an MS-run GitHub repo, hence the ask for MDATP. Cool stuff, I can see why you chose Sysmon based on your previous...
@MarioHewardt giving this a bump based off the convo on Twitter :) [twitter convo with @markrussinovich and @MarioHewardt](https://twitter.com/mariohewardt/status/1600927625371058176?s=46&t=xa6yVz1Tv-UtcpZtKee7bg) I would also suggest that we make an extra logfile so all...