You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sysmon has the capability to monitor for three major actions against Registry
Sysmon has the capability to monitor for three major actions against the Registry
***EventID 12** - Registry object added or deleted
Expand DownExpand Up
@@ -1719,7 +1719,7 @@ In registry events, the value name is appended to the full key path with a \"\\\
Default key values are named \"\\(Default)\"
When filtering for keys or values in HKCU, use **contains** or **end with** when filtering against **TargetObject** since the SID of the user is appended after the Hive name.
When filtering for keys or values in HKCU, use **contains** or **ends with** when filtering against **TargetObject** since the SID of the user is appended after the Hive name.
