Hey all. I tried exhaustively to search for an answer and couldn't find it. I'm testing a way to integrate Sysmon into Zabbix for some analysis, but I dunno if something's not working right or I'm doing something wrong.
We're running Zab2.4.7, workstation has Windows agent v2.2, item key is "eventlog[Microsoft-Windows-Sysmon/Operational,,,,3]" - I wanted to filter only Network connections, but instead of only EventID 3, I'm getting 13 also.
Any tips? Need any more info?