Add sysmon + sysmon64

As Sysmon is more commonly used for logging I assume we should flag it also as known security tool. Signed-off-by: cmprmsd <73472903+cmprmsd@users.noreply.github.com>
BishopFox · Sep 8, 2022 · 88abea2 · 88abea2
1 parent 120d537
commit 88abea2
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/client/command/processes/ps.go b/client/command/processes/ps.go
@@ -66,6 +66,8 @@ var (
 		"SentinelHelperService.exe":       {console.Red, "SentinelOne"},                  // Sentinel One
 		"SentinelBrowserNativeHost.exe":   {console.Red, "SentinelOne"},                  // Sentinel One
 		"SentinelUI.exe":                  {console.Red, "SentinelOne"},                  // Sentinel One
+		"Sysmon.exe":                  	   {console.Red, "Sysmon"},                  	  // Sysmon
+		"Sysmon64.exe":                    {console.Red, "Sysmon64"},                     // Sysmon64		
 		"CylanceSvc.exe":                  {console.Red, "Cylance"},                      // Cylance
 		"CylanceUI.exe":                   {console.Red, "Cylance"},                      // Cylance
 		"TaniumClient.exe":                {console.Red, "Tanium"},                       // Tanium