
How To configure a Windows Sysmon connector on a LEM appliance

Updated December 5, 2017

Overview

This article describes how to configure the Windows Sysmon connector and set up your LEM Web Console to communicate with the connector. 

Environment

  • LEM 6.3.1 and higher

Steps

To set up the connector:

  1. Add a registry key.
  2. Create a new connector on the LEM appliance.

Add a registry key

  1. Log in to the node or agent machine and open the registry editor (Regedit.exe).
  2. Navigate to:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
  3. Right-click EventLog > New Key.
  4. Enter the following name for the new key:
    Microsoft-Windows-Sysmon/Operational
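
The registry step above can also be scripted for nodes where opening Regedit by hand is impractical. The following PowerShell is an added example, not part of the original article; it assumes an elevated session and that Sysmon is already installed on the node, and it uses the .NET registry API because the key name contains a forward slash.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the EventLog subkey named in the steps above without Regedit.
$parentPath = 'SYSTEM\CurrentControlSet\Services\EventLog'
$channel    = 'Microsoft-Windows-Sysmon/Operational'

# Confirm Sysmon is installed and its channel is registered before touching the registry.
$log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Channel '$channel' not found. Install Sysmon on this node first."
    return
}

# The key name contains '/', which the PowerShell registry provider treats as a
# path separator (New-Item would create ...\Microsoft-Windows-Sysmon\Operational).
# The .NET API only splits on '\', so it creates a single key with the exact name.
$parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parentPath, $true)
if (-not $parent) { throw "Cannot open HKLM\$parentPath for writing." }
try {
    if ($parent.GetSubKeyNames() -contains $channel) {
        Write-Output "Key already present: HKLM\$parentPath\$channel"
    } else {
        $parent.CreateSubKey($channel).Dispose()
        Write-Output "Created key: HKLM\$parentPath\$channel"
    }
    # Detect the nested key that an earlier New-Item attempt may have left behind.
    $stray = $parent.OpenSubKey('Microsoft-Windows-Sysmon\Operational')
    if ($stray) {
        $stray.Dispose()
        Write-Warning 'Found nested key Microsoft-Windows-Sysmon\Operational; it is not the key named in the steps above.'
    }
} finally {
    $parent.Dispose()
}
```

The script is safe to re-run: it reports an existing key instead of recreating it.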

Create a new connector on the LEM appliance

  1. On your LEM appliance, log in to the LEM Web Console or Air Console.
  2. Select Manage > Nodes.
  3. In the Nodes screen, select the Windows Node that requires a connector.
  4. Click the gear icon next to the node and select Connectors.
  5. In the search box, search for:
    Sysmon
  6. Select the connector.
  7. Click the gear icon and select New.
  8. Select the new connector.
  9. Click the gear icon next to the connector and click Start.

 

 

 
