Sysmon service is running and generating events that I see in Event Viewer. I've added the channel Microsoft-Windows-Sysmon/Operational on the Log Collector, but I don't see Sysmon logs in NetWitness Investigate. I see logs from other channels. Is this a parser issue? Any help would be appreciated.
Jay
Do you see them at all from an unknown device type perspective? Are there any errors in the log collector winrm logs?
Dave