Has anyone used the "ion-storm" XML configuration with sysmon?

SLM64 20 Reputation points
2024-05-17T02:29:26.84+00:00

I'm trying to find someone who has used SwiftOnSecurity's "ion-storm" XML configuration with sysmon for event collection and has configured Wazuh rules for the events. I can't figure out how to configure Wazuh to work with the ion-storm agent configuration. I have many hours invested in this, but there don't seem to be any forums out there that talk about using this very detailed XML file. Any help would be appreciated.

Norm

Sysinternals