Updated Sysmon View

Here is the latest list of updates to Sysmon View (v1.1). This release incorporates much of the feedback received (thank you all), along with bug fixes and new features:

  • Bug fixes related to internal database connectivity errors
  • Bug fixes related to the UI not being reset after resetting data
  • Bug fixes related to the way information about binary images (executables) is collected
  • Sysmon View is now designed around multiple visual modules (currently there are two modules)
  • “Process View” has an additional “filtering” option that shows only images (executables) reported with specific selected event types. For example, to view the timeline of a process while excluding its network and Image Loaded events, a filter can be applied to narrow down the results (as shown in the following screenshot), which in turn reduces the number of listed binaries to be investigated.
  • Map View: the new view displays network events by destination country (GeoIP lookup). This works only if the “geo-location” option was selected during the import process. Selecting any country displays the relevant network events.
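The Process View filter described above, as an added example that is not Sysmon View's own code: a script that parses Sysmon events in the XML shape written to Microsoft-Windows-Sysmon/Operational, groups them by ProcessGuid, and drops selected event IDs (here NetworkConnect, ID 3, and ImageLoad, ID 7) to produce a narrowed per-process timeline. The sample events, the process GUID and the paths are constructed.

```python
"""Build a per-process Sysmon timeline with selected event types filtered out."""
import xml.etree.ElementTree as ET

XMLNS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": XMLNS}
EVENT_NAMES = {1: "ProcessCreate", 3: "NetworkConnect", 7: "ImageLoad",
               11: "FileCreate", 22: "DnsQuery"}

def _event(eid, time, guid, image, extra=""):
    """Assemble one constructed Sysmon event in Windows event-log XML form."""
    return (f'<Event xmlns="{XMLNS}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System><EventData>'
            f'<Data Name="ProcessGuid">{guid}</Data>'
            f'<Data Name="Image">{image}</Data>{extra}</EventData></Event>')

# Constructed sample events for a single process (the GUID is a made-up value).
GUID = "{00000000-0000-0000-0000-000000000001}"
IMAGE = r"C:\Windows\System32\notepad.exe"
SAMPLE_EVENTS = [
    _event(1, "2024-01-01T10:00:00Z", GUID, IMAGE),
    _event(7, "2024-01-01T10:00:01Z", GUID, IMAGE,
           '<Data Name="ImageLoaded">C:\\Windows\\System32\\ntdll.dll</Data>'),
    _event(3, "2024-01-01T10:00:02Z", GUID, IMAGE,
           '<Data Name="DestinationIp">203.0.113.5</Data>'),
    _event(11, "2024-01-01T10:00:03Z", GUID, IMAGE,
           '<Data Name="TargetFilename">C:\\Users\\a\\notes.txt</Data>'),
]

def parse_event(xml_text):
    """Return (event_id, time, process_guid, image) from one Sysmon event."""
    root = ET.fromstring(xml_text)
    eid = int(root.find("e:System/e:EventID", NS).text)
    time = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    data = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    return eid, time, data.get("ProcessGuid"), data.get("Image")

def process_timeline(events, exclude=frozenset()):
    """Group events by ProcessGuid, skipping excluded event IDs.
    Returns {guid: [(time, event_name, image), ...]} sorted by time."""
    timelines = {}
    for xml_text in events:
        eid, time, guid, image = parse_event(xml_text)
        if eid in exclude:
            continue
        name = EVENT_NAMES.get(eid, f"EventID{eid}")
        timelines.setdefault(guid, []).append((time, name, image))
    for rows in timelines.values():
        rows.sort()
    return timelines

if __name__ == "__main__":
    # Same idea as the Process View filter: hide network and image-load noise.
    for guid, rows in process_timeline(SAMPLE_EVENTS, exclude={3, 7}).items():
        print(guid)
        for time, name, image in rows:
            print(f"  {time}  {name:<14} {image}")
```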

For any questions or suggestions, please contact me by email.