This configuration file for Sysmon is designed for the MITRE ATT&CK Evaluation. It was tested with Deep Security Manager™ 12 LTS with DSRU version 20-002 and above and Deep Security Agent version 12.
Instructions on configuring Sysmon and the appropriate Log Inspection Rules can be found here: https://success.trendmicro.com/solution/1123908-Deep-Security-Log-Inspection-Rules-for-Sysmon-Event-Monitoring
This DSM policy can be tuned to fit the customer's infrastructure and environment. Project contributors may be able to help, depending on their time and availability. Please be specific about what you're trying to do, your system, and steps to reproduce the problem.
Official support from Trend Micro is not available. Individual contributors may be Trend Micro employees, but are not official support.
If you have questions about using the DSM policy, consider asking on Stack Overflow. Tag your question with deepsecurity and it will get pushed to our internal automation support Slack channel.
We accept contributions from the community. To submit changes:
- Fork this repository.
- Create a new feature branch.
- Make your changes.
- Submit a pull request with an explanation of your changes or additions.
We will review and work with you to release the Sysmon config file changes.