Problem when parsing Sysmon message Event 12

Tags: NXLog Enterprise Edition

#1 dudu.zbeda@cognyte.com 1 year ago

I'm using NX log enterprise to collect Sysmon logs.

I have a problem with EventID 12 , In the original (Windows view ) the event type is set to EventType: CreateKey

As part of the NXlog output, in the Metadata the Event type is set to INFO and only in the msg field i can see the EventType: CreateKey

Please advice

Permalink

#2 alexander.lifanov@nxlog.org Nxlog ✓ 11 months ago (Last updated 11 months ago )

Could you send your config and EE version to NXLog EE tech support line for checking?
https://nxlog.co/support-tickets