SysmonConfig

OSquery

Check Microsoft Sysinternals Sysmon config:

Query

select * from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CCS\Services\SysmonDrv\Parameters'

Additional Query Info

  • Interval: 86400

JSON

{
  "queries": {
    "SysmonConfig": {
      "query": "select * from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CCS\Services\SysmonDrv\Parameters'",
      "interval": "86400",
      "platform": "",
      "version": "",
      "description": "Check Microsoft Sysinternals Sysmon config",
      "value": ""
    }
  }
}