Comments on: Detect System File Manipulations with SysInternals Sysmon
https://www.nextron-systems.com/2015/03/21/detect-system-file-manipulations-with-sysinternals-sysmon/
We Detect Hackers
Tue, 04 Oct 2022 13:29:44 +0000

By: Ralph Ramos https://www.nextron-systems.com/2015/03/21/detect-system-file-manipulations-with-sysinternals-sysmon/#comment-32 Thu, 07 Apr 2016 17:29:53 +0000 https://www.bsk-consulting.de/?p=1246#comment-32

Yes, it worked with your rex change and some I had to make. We are not using the Splunk Sysmon app so I had to modify to use our field names. Thanks for the quick reply!

By: Florian Roth https://www.nextron-systems.com/2015/03/21/detect-system-file-manipulations-with-sysinternals-sysmon/#comment-31 Wed, 06 Apr 2016 15:29:14 +0000 https://www.bsk-consulting.de/?p=1246#comment-31 In reply to Ralph Ramos.

Fixed that. Could you try it again?

By: Ralph Ramos https://www.nextron-systems.com/2015/03/21/detect-system-file-manipulations-with-sysinternals-sysmon/#comment-30 Wed, 06 Apr 2016 15:24:37 +0000 https://www.bsk-consulting.de/?p=1246#comment-30

I am receiving an error related to the rex command, rex FIELD=Image “(?[^\\\]+)$”, unrecognized character after “?)” and I am not a regex expert.
