Here is the latest list of updates to Sysmon View (v1.1). This release incorporates much of the feedback received (thank you all), along with bug fixes and new features:
- Bug fixes related to internal database connectivity errors
- Bug fixes for the UI not resetting after the data is reset
- Bug fixes related to the way information about binary images (executables) is collected
- Sysmon View design is now based on multiple visual modules (currently there are two modules)
- “Process View” has a new “filtering” option that lists only the images (executables) reported with the selected event types. For example, to view the timeline of a process while excluding its network and Image Loaded events, apply a filter to narrow down the results (as shown in the following screenshot); this in turn reduces the number of listed binaries that need to be investigated.
- Map View: this new view displays network events by destination country (Geo IP lookup). It only works if the “geo-location” option was selected during the import process. Selecting any country displays the relevant network events.
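The Process View filter described above, applied to a constructed Sysmon XML export: this is an added example and not Sysmon View's own code; the sample events, image paths and helper names are assumptions, while the event IDs (1, 3, 7, 11) and the Windows event XML namespace are the real Sysmon ones.

```python
"""Sysmon per-image timeline with event-type filtering (added example)."""
import xml.etree.ElementTree as ET

# Sysmon event IDs used here; 3 and 7 are the types the timeline filter excludes below.
EVENT_NAMES = {1: "ProcessCreate", 3: "NetworkConnect", 7: "ImageLoad", 11: "FileCreate"}
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
CMD, NOTEPAD = r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\notepad.exe"

def _event(eid, utc, image, **extra):
    """Build one Sysmon-style <Event> element as XML text (constructed sample data)."""
    data = {"UtcTime": utc, "Image": image, **extra}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return f"<Event><System><EventID>{eid}</EventID></System><EventData>{body}</EventData></Event>"

# Constructed sample export, not real telemetry: cmd.exe with four event types, then notepad.exe.
SAMPLE_XML = f'<Events xmlns="{NS["e"]}">' + "".join([
    _event(1, "2018-06-01 10:00:00.000", CMD, CommandLine="cmd.exe /c whoami"),
    _event(7, "2018-06-01 10:00:01.000", CMD, ImageLoaded=r"C:\Windows\System32\kernel32.dll"),
    _event(3, "2018-06-01 10:00:02.000", CMD, DestinationIp="203.0.113.5", DestinationPort="443"),
    _event(11, "2018-06-01 10:00:03.000", CMD, TargetFilename=r"C:\Users\alice\notes.txt"),
    _event(1, "2018-06-01 10:00:04.000", NOTEPAD, CommandLine="notepad.exe"),
]) + "</Events>"

def parse_events(xml_text):
    """Flatten each <Event> into a dict: EventID plus every EventData field."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        rec = {"EventID": int(ev.find("e:System/e:EventID", NS).text)}
        rec.update((d.get("Name"), d.text) for d in ev.findall("e:EventData/e:Data", NS))
        events.append(rec)
    return events

def image_timeline(events, image, exclude_ids=frozenset()):
    """Chronological (UtcTime, event name) rows for one image, minus excluded event types."""
    rows = [(e["UtcTime"], EVENT_NAMES.get(e["EventID"], f"EventID {e['EventID']}"))
            for e in events if e.get("Image") == image and e["EventID"] not in exclude_ids]
    return sorted(rows)

def images_reported_with(events, selected_ids):
    """Images with at least one event of the selected types (the Process View filter)."""
    return sorted({e["Image"] for e in events if e["EventID"] in selected_ids})

if __name__ == "__main__":
    evs = parse_events(SAMPLE_XML)
    for row in image_timeline(evs, CMD, exclude_ids={3, 7}):
        print(row)
    print(images_reported_with(evs, {3}))
```

Excluding IDs 3 and 7 leaves only the ProcessCreate and FileCreate rows for cmd.exe, and selecting only ID 3 lists cmd.exe as the single binary with network activity.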
For any questions or suggestions, please contact me by email.