Detect execution installation.

Abdale Said

Aug 13, 2022, 2:15:43 PM
to Wazuh mailing list
Hello guys,
Is there a way that I can detect .exe or application installations?
I can detect .msi installations but not .exe.

Nicolas Zapata

Aug 15, 2022, 10:01:34 AM
to Wazuh mailing list
Hello Abdale, thanks for using Wazuh!

You can use Sysmon to detect process creation. Sysmon is a command-line tool which allows us to monitor and track processes taking place in our computers. With the right configuration, suspicious behaviors can be detected by Sysmon and the detailed information will be stored in the generated log.
For more information I recommend reading our blog about how to integrate it with Wazuh and how to configure it.

Best regards 
Nicolás

Abdale Said

Aug 15, 2022, 11:40:54 AM
to Wazuh mailing list
Thanks nicolas.zapata for the reply.
I know Sysmon very well and I have already integrated it with Wazuh. Can you tell me what specific things to monitor in Sysmon process creation when we are trying to detect execution?

Thanks
