# generate via: wevtutil gp Microsoft-Windows-Sysmon /getevents /getmessage
name: Microsoft-Windows-Sysmon
guid: 5770385f-c22a-43e0-bf4c-06f5698ffbd9
helpLink:
resourceFileName: C:\Windows\Sysmon.exe
messageFileName: C:\Windows\Sysmon.exe
message:
channels:
channel: