Sysmon Network Connection Attempt not logging

  • Question

  • As I checked the Sysmon log type 3 - Network connection,

    it seems that Sysmon does not collect logs of unsuccessful connection attempts.

    I made an RDP connection to an existing server and Sysmon created a log... When I tried RDP to a non-existing server, Sysmon didn't create a log... Any solution to collect non-established connections with Sysmon?

    TIA Kfir

    Thursday, October 15, 2020 5:06 PM

All replies

  • Sysmon does not support failed network connection logging.

    You might get value from DNSQuery logging.  A DNSQuery will generally precede a network connection attempt.

    • Edited by dstaulcu Friday, October 16, 2020 1:11 AM
    Friday, October 16, 2020 1:08 AM
  • Thank you for the quick response 🙂😉😉
    Friday, October 16, 2020 3:07 PM
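
An added example (not part of the thread, and not Sysmon's own code) of using the DNSQuery suggestion in dstaulcu's reply: it flags Event ID 22 records that have no matching Event ID 3 from the same process. Assumptions: events are already exported as dicts keyed by Sysmon's field names, the 30-second window is arbitrary, and all sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")  # Sysmon UtcTime layout

def norm_ip(text):
    """Return a canonical IP string, or None for non-IP tokens (CNAME entries, '-')."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    # Event 22 writes IPv4 answers as IPv4-mapped IPv6 (::ffff:a.b.c.d)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def resolved_ips(query_results):
    return {ip for ip in map(norm_ip, query_results.split(";")) if ip}

def unmatched_dns_queries(events, window=timedelta(seconds=30)):
    """List (QueryName, reason) for Event 22 records with no Event 3 from the same process."""
    conns = [(e["ProcessGuid"], norm_ip(e["DestinationIp"]), ts(e["UtcTime"]))
             for e in events if e["EventID"] == 3]
    findings = []
    for e in (x for x in events if x["EventID"] == 22):
        if e["QueryStatus"] != "0":  # lookup returned an error status
            findings.append((e["QueryName"], "dns-failed"))
            continue
        start, ips = ts(e["UtcTime"]), resolved_ips(e["QueryResults"])
        if not any(g == e["ProcessGuid"] and ip in ips and start <= t <= start + window
                   for g, ip, t in conns):
            findings.append((e["QueryName"], "resolved-no-connection"))
    return findings

# Constructed sample records (hypothetical hosts, documentation-range addresses).
GUID = "{00000000-0000-0000-0000-000000000001}"
EVENTS = [
    {"EventID": 22, "UtcTime": "2020-10-16 01:00:00.100", "ProcessGuid": GUID, "QueryName": "srv-ok.example.test", "QueryStatus": "0", "QueryResults": "type:  5 alias.example.test;::ffff:192.0.2.10;"},
    {"EventID": 3, "UtcTime": "2020-10-16 01:00:00.250", "ProcessGuid": GUID, "DestinationIp": "192.0.2.10", "DestinationPort": "3389"},
    {"EventID": 22, "UtcTime": "2020-10-16 01:05:00.000", "ProcessGuid": GUID, "QueryName": "srv-down.example.test", "QueryStatus": "0", "QueryResults": "::ffff:192.0.2.20;"},
    {"EventID": 22, "UtcTime": "2020-10-16 01:09:00.000", "ProcessGuid": GUID, "QueryName": "srv-gone.example.test", "QueryStatus": "9003", "QueryResults": "-"},
]

if __name__ == "__main__":
    for name, reason in unmatched_dns_queries(EVENTS):
        print(f"{reason:24} {name}")
```

Connections made to a literal IP address produce no DNSQuery event, so this only covers name-based attempts, and both event types must be enabled in the Sysmon configuration.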