Windows Event Collector Sysmon Installation

Overview
USM Anywhere Architecture
USM Anywhere Data Security
USM Anywhere Log Data Enhancement
USM Anywhere Quick Start Guides
USM Anywhere Deployment Guide
- Overview
- USM Anywhere Deployment Types and Scalability
- USM Anywhere Sensor Deployments
- The AWS Cloud Connector Deployment in USM Anywhere
- Network Setup and Configuration
- Data Sources and Log Collection
  - Overview
  - The Syslog Server Sensor App
  - The Graylog (GELF) Sensor App
  - Collecting Linux System Logs
  - Collecting Windows System Logs
    - Overview
    - NXLog CE for Windows Hosts
    - Windows Event Collector Sensor App
- File Integrity Monitoring
- Alarm and Event Notifications
- Troubleshooting and Remote Sensor Support
USM Anywhere User Guides
USM Anywhere Agents Guide
USM Anywhere BlueApps Guide

System Monitor (Sysmon) is a Windows system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows Event Log. It provides detailed information about process creations, network connections, and changes to file creation time. Sysmon is a free Windows Sysinternals tool from Microsoft. Installation of Sysmon is optional, but highly recommended. To install Sysmon

Download the Sysmon ZIP file and unzip it in the target system.
Download the Sysmon configuration file to a folder and name the file sysmon_config.xml.
Install Sysmon in the Windows system and execute the following command:
```
sysmon.exe -accepteula -h md5 -n -l -i sysmon_config.xml
```
Sysmon starts logging the information to the Windows Event Log.
Open USM Anywhere and verify that you are receiving Sysmon events.

Windows Event Collector Sensor App Log Forwarding File Integrity Monitoring

USM Anywhere™

USM Central™

Automated Policy Manager

Windows Event Collector Sysmon Installation