Sysmon and Suricata #9007
Sysmon and Suricata
#9007
-
|
Hi, just had a quick question. If I push sysmon to my endpoints and have them sending those to SO, will they raise Suricata alerts? Thanks! |
Beta Was this translation helpful? Give feedback.
Answered by
dougburks
Oct 27, 2022
Replies: 1 comment
-
|
No, Sysmon and Suricata are totally independent of each other. Sysmon generates telemetry about what is happening on an endpoint, whereas Suricata analyzes network traffic from a tap or span port. For more information, please see: |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
dougburks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No, Sysmon and Suricata are totally independent of each other. Sysmon generates telemetry about what is happening on an endpoint, whereas Suricata analyzes network traffic from a tap or span port. For more information, please see:
https://docs.securityonion.net/en/2.3/suricata.html
https://docs.securityonion.net/en/2.3/sysmon.html