Sysmon v6.10 VS WMI Persistence

Sysmon v6.10 was released on the 11th of September and introduces new features such as WMI event reporting. At first sight, these new capabilities seem very interesting for SOC and incident response purposes. In this article, we therefore explore the new events generated by this latest version of Sysmon. We also discuss to what extent these events can be used to detect real-life WMI abuse.

Sysmon Events Table

Statistics showing the count of events generated over a monitoring period of 5h with all Sysmon events being logged. Event IDs that are not displayed were simply not seen during the sampling.