Search - JPCERTCC/SysmonSearch GitHub Wiki

Search for events by specifying conditions.

• Find Now: Search according to the specified conditions.
• Save as Detection Rule: Save the search conditions as a rule to use in Alert.
• Import: Import search conditions from IoC file.

The maximum number of records displayed is 10,000.

Click Table to move to List of Process that occurred 1 hour before and after.

Click Graph to move to Event Correlation that occurred 1 hour before and afte1r.

Click Image to move to Parent and Child Process.