Hi,

Sysmon can be used to log process creation. More info at:
https://technet.microsoft.com/en-us/sysinternals/dn798348

Also check this great document from Josh:

http://defensivedepth.com/2015/03/27/using-sysmon-to-enrich-security-onions-host-level-capabilities/

and the link to decoders and rules on GitHub:
https://github.com/defensivedepth/Sysmon_OSSEC

Best

On Wed, Apr 8, 2015 at 3:16 AM, Nhen Panha <[email protected]> wrote:

> Hello Sir!
>
> I would like to ask you that:
> I want to monitor (know) if someone installs a (*.exe) file on my computer
> (Windows).
>
> Thanks for your support.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
