Sysmon and Events Monitor Update
- The Events Monitor component, which is included in all InsightIDR and MDR-subscribed Insight Agents, can now be used to send data from Sysmon deployments that were not installed by Rapid7 to the Insight Platform. This new feature will send the same set of events currently supported by Rapid7-installed Sysmon:
- Event ID 1: Process creation
- Event ID 3: Network connection
- Event ID 8: CreateRemoteThread
- Event ID 10: ProcessAccess
- Event ID 13: RegistryEvent (Value Set)
- Event ID 25: ProcessTampering (Process image change)
This functionality will require configuration by the Rapid7 Support team. The page "Self-manage the Sysmon service deployment" includes information on how to get started.