Sysmon - Sécuriser votre site
Author: Germain (https://www.searchevolution.com/security/author/germain/)
Published by: Sécuriser votre site, https://www.searchevolution.com/security
Article: https://www.searchevolution.com/security/2021/07/31/sysmon/

The sysmon utility, part of Sysinternals, is a Windows service with a kernel driver that monitors a system. It gives a detailed view of the critical events that occur during an intrusion on a machine: process creation, network connections and changes to the creation time of certain files. Analysing these events with Event Viewer or your SIEM (Splunk, Elasticsearch, AlienVault or others) lets you spot abnormal activity. Sysmon events are written to Applications and Services Logs/Microsoft/Windows/Sysmon/Operational.

Sysmon requires a configuration file. I recommend downloading this one: https://github.com/SwiftOnSecurity/sysmon-config This file
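The three event types named above (process creation, file creation time changes, network connections) are Sysmon event IDs 1, 2 and 3 in the Operational log. The script below is an added example, not code from the original article or from the Sysmon or sysmon-config projects: it reads the last 24 hours of those events with Get-WinEvent, flattens each event's EventData into the fields an analyst looks at first, and flags one classic anomaly (an Office application spawning a command interpreter). It assumes Sysmon is installed with a configuration that logs these event IDs, and an elevated PowerShell session, since reading this log requires administrator rights; the 24-hour window and the process names in the suspicious-parent check are choices made for the example.

```powershell
# Added example: triage recent Sysmon events from the Operational log.
# Event IDs used: 1 = Process Create, 2 = File creation time changed, 3 = Network connection.
# Requires Sysmon and an elevated (administrator) PowerShell session.

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1, 2, 3
    StartTime = (Get-Date).AddHours(-24)   # assumed window; adjust to your hunt
}

# Office parents that should rarely spawn a shell or script host (assumed list for the example).
$officeParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')
$shellChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)

    # Sysmon stores its fields as <Data Name="..."> children of <EventData>; build a lookup.
    $xml  = [xml]$Record.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    switch ($Record.Id) {
        1 {
            $parent = [System.IO.Path]::GetFileName($data['ParentImage'])
            $child  = [System.IO.Path]::GetFileName($data['Image'])
            $flag   = ($officeParents -contains $parent.ToLower()) -and ($shellChildren -contains $child.ToLower())
            [pscustomobject]@{
                Time       = $Record.TimeCreated
                Id         = 1
                Type       = 'ProcessCreate'
                Image      = $data['Image']
                Detail     = $data['CommandLine']
                Parent     = $data['ParentImage']
                User       = $data['User']
                Suspicious = $flag
            }
        }
        2 {
            [pscustomobject]@{
                Time       = $Record.TimeCreated
                Id         = 2
                Type       = 'FileCreateTimeChanged'
                Image      = $data['Image']
                Detail     = $data['TargetFilename']
                Parent     = "previous: $($data['PreviousCreationUtcTime']) -> new: $($data['CreationUtcTime'])"
                User       = $data['User']
                Suspicious = $false
            }
        }
        3 {
            [pscustomobject]@{
                Time       = $Record.TimeCreated
                Id         = 3
                Type       = 'NetworkConnect'
                Image      = $data['Image']
                Detail     = "$($data['Protocol']) -> $($data['DestinationIp']):$($data['DestinationPort']) ($($data['DestinationHostname']))"
                Parent     = $null
                User       = $data['User']
                Suspicious = $false
            }
        }
    }
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
    ForEach-Object { ConvertFrom-SysmonEvent -Record $_ }

# Show flagged process creations first, then everything else, newest first.
$events | Sort-Object -Property @{Expression = 'Suspicious'; Descending = $true}, @{Expression = 'Time'; Descending = $true} |
    Format-Table -Property Time, Id, Type, Suspicious, Image, Detail, Parent -AutoSize -Wrap
```

The same field extraction is what a SIEM does at ingest: the interesting values (Image, CommandLine, ParentImage, TargetFilename, DestinationIp) live in EventData, not in the event message text, so parse the XML rather than regex-matching the rendered message. If Get-WinEvent reports that no events match, check that the configuration file you loaded actually enables those event IDs before assuming the host was quiet.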