Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

CB Defense PSC Console: All Versions
CB ThreatHunter Console: All Versions

Question

Can the PSC be used to query or view sysmon events?

Answer

No. The PSC does not yet have the ability to query against the Windows event log

Additional Notes

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

598

Knowledge Base

CB PSC: Can the PSC be used to query or view sysmon events?

CB PSC: Can the PSC be used to query or view sysmon events?

Environment

Question

Answer

Additional Notes

Audit and Remediation

Carbon Black Cloud

Endpoint Standard

Enterprise EDR

Managed Detection

Knowledge Base

CB PSC: Can the PSC be used to query or view sysmon events?

CB PSC: Can the PSC be used to query or view sysmon events?

Environment

Question

Answer

Additional Notes

Audit and Remediation

Carbon Black Cloud

Endpoint Standard

Enterprise EDR

Managed Detection

Thank you for your feedback.

Thank you for your feedback.