
Microsoft Sysmon

This section contains information about log sources for Microsoft Sysmon. To implement LSO, you must use the new log source type MS Windows Event Logging XML - Sysmon and apply the LogRhythm Default v2.0 log processing policy. For information on supported log messages and parsing, see the configuration guide:


The LSO documentation that follows contains detailed information on parsing changes and new log processing settings. The EVID pages show, for each event ID, the differences between the old log processing policy (LogRhythm Default) and the new policy used with LSO (LogRhythm Default v2.0). Use these pages as a reference when migrating from the old log source type and LogRhythm Default policy to the MS Windows Event Logging XML - Sysmon log source type and the LogRhythm Default v2.0 policy.
