Sysmon: user and integrity level of parent process?

  • Question

  • I would like to see more information regarding the parent process in the Sysmon process creation event. Currently we have ParentCommandLine, ParentProcessGuid, ParentImage and ParentProcessId. That information is useful; however, the user of the parent process and the integrity level of the parent process can also be very helpful in a security investigation. Is there any way to fetch the user/integrity information of the parent process? Thanks.
    Tuesday, February 19, 2019 1:04 AM

All replies