Problems with Sysmon v8 Parsing

Question asked by Olatunde Idowu on Nov 6, 2018
Latest reply on Nov 9, 2018 by Olatunde Idowu

I'm trying to parse Sysmon logs in NetWitness, and I've updated the winevent_nic parser to the latest one on GitHub. The problem is mostly with reference.id = '1': the parent process is not getting parsed, which really reduces the value of the logs. Any help with this will be appreciated.

Regards,

Olatunde
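To narrow down whether the parent-process fields are dropped at the source or by the log parser, here is an added Python example (not from the post, and not NetWitness's winevent_nic code) that pulls the EventData fields out of a Sysmon Event ID 1 (ProcessCreate) record and reports which parent-process fields are missing; the event XML is a constructed sample with made-up values.

```python
import xml.etree.ElementTree as ET

# Constructed Sysmon Event ID 1 record in Windows event XML form.
# Host, user, paths and GUIDs are made-up sample values.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" />
    <EventID>1</EventID>
    <Computer>WORKSTATION01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2018-11-06 10:15:42.123</Data>
    <Data Name="ProcessGuid">{00000000-0000-0000-0000-000000000001}</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="User">EXAMPLE\\jdoe</Data>
    <Data Name="ParentProcessGuid">{00000000-0000-0000-0000-000000000002}</Data>
    <Data Name="ParentProcessId">1337</Data>
    <Data Name="ParentImage">C:\\Windows\\explorer.exe</Data>
    <Data Name="ParentCommandLine">C:\\Windows\\Explorer.EXE</Data>
  </EventData>
</Event>"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Parent-process fields Sysmon writes into a ProcessCreate (Event ID 1) record.
PARENT_FIELDS = ("ParentProcessGuid", "ParentProcessId", "ParentImage", "ParentCommandLine")


def parse_sysmon_event(xml_text):
    """Return (event_id, {field_name: value}) from a Sysmon event's EventData block."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {}
    for d in root.findall("e:EventData/e:Data", NS):
        data[d.get("Name")] = (d.text or "").strip()
    return event_id, data


def missing_parent_fields(xml_text):
    """For Event ID 1 records, list the parent-process fields that are absent or empty.
    A non-empty list on a raw event means the source never recorded them; an empty
    list means the fields are there and the loss happens downstream in the log parser."""
    event_id, data = parse_sysmon_event(xml_text)
    if event_id != 1:
        return []
    return [f for f in PARENT_FIELDS if not data.get(f)]
```

Run it against a raw event exported from the collector to compare what Sysmon actually wrote with what ends up as meta after parsing.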
