Microsoft does something useful, adds Sysmon to Windows
Briefly

"The functionality arrived in the Dev and Beta Windows Insider channels this week in builds 26300.7733 and 26220.7752, respectively. It allows administrators to capture system events via custom configuration files, filter for specific events, and write them to the standard Windows event log for pickup by third-party applications, including security tools."
"It helps in detecting credential theft, uncovering stealthy lateral movement, and powering forensic investigations."
"Its granular diagnostic data feeds security information and event management (SIEM) pipelines and enables defenders to spot advanced attacks."
"Having it built in (though disabled by default) is therefore welcome, a respite from Microsoft's relentless AI integrations across its portfolio."
Windows Insider Dev and Beta channels received built-in Sysmon functionality in builds 26300.7733 and 26220.7752. Administrators can use custom configuration files to capture system events, filter for specific events, and write those events to the standard Windows event log, where third-party tools, including security products, can pick them up. Sysmon originates from the Sysinternals toolset and provides granular diagnostic data useful for detecting credential theft, uncovering lateral movement, and supporting forensic investigations. Existing standalone Sysmon installations must be uninstalled before the built-in version is enabled. The feature is disabled by default on every endpoint and is enabled through PowerShell.
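The summary above says Sysmon writes filtered events to the standard Windows event log for pickup by other tools. As an added example (not code from the article, Microsoft, or Sysinternals), the PowerShell below reads Sysmon process-creation events (Event ID 1) from that log, maps the named EventData fields into objects a SIEM forwarder or analyst can consume, and then summarises which parent processes spawn the most children, a common triage view. It assumes Sysmon (built-in or standalone) is already enabled and logging to 'Microsoft-Windows-Sysmon/Operational', the log name Sysmon normally uses, and that the caller can read that log; the field names (Image, CommandLine, ParentImage, and so on) are Sysmon's own.

```powershell
# Added example, not from the article or from Microsoft/Sysinternals.
# Assumptions: Sysmon is enabled and writing to the standard Sysmon log
# 'Microsoft-Windows-Sysmon/Operational'; the caller has rights to read it.

function Get-SysmonProcessCreate {
    [CmdletBinding()]
    param(
        [int]$MaxEvents = 200,
        [string]$LogName = 'Microsoft-Windows-Sysmon/Operational'
    )

    # Event ID 1 is Sysmon's ProcessCreate event.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        # Get-WinEvent reports "no events found" as an error; treat it as an empty result.
        Write-Warning "No Sysmon process-creation events found in '$LogName' (is Sysmon enabled and configured?)"
        return
    }

    foreach ($e in $events) {
        # Sysmon stores its fields as <Data Name="..."> elements under EventData.
        # Reading them by name is more robust than positional $e.Properties indexes,
        # which shift between Sysmon schema versions.
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Image       = $d['Image']
            CommandLine = $d['CommandLine']
            User        = $d['User']
            ParentImage = $d['ParentImage']
            ProcessGuid = $d['ProcessGuid']
            Hashes      = $d['Hashes']
        }
    }
}

# Usage: rank parent processes by how many children they spawned in the last
# 500 process-creation events. Unusual parents (for example an Office or
# browser process launching shells) stand out in this view.
Get-SysmonProcessCreate -MaxEvents 500 |
    Group-Object ParentImage |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

The objects the function emits are already flat, so they can be piped to `ConvertTo-Json` or `Export-Csv` for a collector that does not read the event log directly. Which events land in the log at all is governed by the Sysmon configuration file the summary mentions; this script only consumes what that configuration lets through.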
Read at Theregister