Blog

Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.

What's in a Sysmon Event - Windows Registry EventIDs 12, 13, 14

Overview: For this post we are going to be focusing on three EventIDs that pertain to the Windows Registry. These Sysmon events occur when a registry key is created, updated, deleted, or renamed. ...
11.02.2021

What's in a sysmon event - eventid 5, process termination

Sysmon Eventid 5 - Process Termination: This article pairs especially well with the Sysmon Process Creation blog post. We recommend you start there.
10.19.2021

Announcing Gravwell's Office 365 Management Log Ingester

If your enterprise is using Office 365, your users are generating log entries every time they log in, upload files to OneDrive, send an email--the logging is pretty extensive! You can analyze these...
12.17.2019

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of Windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...
06.20.2019
