{"id":98985,"date":"2021-10-20T10:00:52","date_gmt":"2021-10-20T17:00:52","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=98985"},"modified":"2023-05-15T23:07:07","modified_gmt":"2023-05-16T06:07:07","slug":"new-microsoft-sysmon-report-in-virustotal-improves-security","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/","title":{"rendered":"New Microsoft Sysmon report in VirusTotal improves security"},"content":{"rendered":"<p>Today, following the 25th year anniversary of <a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/\" target=\"_blank\" rel=\"noopener\">Microsoft Sysinternals<\/a>, we are announcing the general availability of a new Microsoft Sysmon report in\u00a0<a href=\"https:\/\/www.virustotal.com\/gui\/home\/upload\" target=\"_blank\" rel=\"noopener\">VirusTotal<\/a>.<\/p>\n<p>Whether you\u2019re an IT professional or a developer, you\u2019re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals utilities became indispensable for defenders as well, enabling security analytics and advanced detections. The System Monitor (Sysmon) utility, which records detailed information on the system&#8217;s activities in the Windows event log, is often used by security products to identify malicious activity.<\/p>\n<p>The new behavior report in VirusTotal includes extraction of Microsoft Sysmon logs for Windows executables (EXE) on Windows 10, with very low latency, and with Windows 11 on the roadmap. This is the latest milestone in the long history of collaboration between Microsoft and VirusTotal.\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/threat-protection\/microsoft-365-defender\" target=\"_blank\" rel=\"noopener\">Microsoft 365 Defender<\/a> uses VirusTotal reports as an accurate threat intelligence source, and VirusTotal uses detections from Microsoft Defender Antivirus as a primary source of detection in its arsenal. Microsoft Sysinternals Autoruns, Process Explorer, and Sigcheck tools integrate VirusTotal reports, and VirusTotal itself uses Sigcheck to report details on Windows portable executable files.<\/p>\n<p>The security industry has long recognized the value of Microsoft Sysmon. Last year, the United Kingdom National Cyber Security Center (NCSC) published a tutorial on basic logging requirements for security, <a href=\"https:\/\/www.ncsc.gov.uk\/information\/logging-made-easy\" target=\"_blank\" rel=\"noopener\">Logging Made Easy<\/a> (LME), and cited Microsoft Sysmon as the solution for security host-based logging. Security professionals are <a href=\"https:\/\/twitter.com\/olafhartong\/status\/1268091643531493377\" target=\"_blank\" rel=\"noopener\">building solutions<\/a> on Microsoft Sysmon. Microsoft Azure Sentinel includes several solutions based on Microsoft Sysmon, including <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/normalization-about-parsers\" target=\"_blank\" rel=\"noopener\">parsing and normalizing<\/a>\u00a0data. Meanwhile, TrustedSec has released a very useful <a href=\"https:\/\/www.trustedsec.com\/blog\/why-we-are-launching-the-trustedsec-sysmon-community-guide\/\" target=\"_blank\" rel=\"noopener\">community guide for Sysmon configuration<\/a>, noting how the tool provides security value to customers. Splunk also released a blog post that highlights how <a href=\"https:\/\/www.splunk.com\/en_us\/blog\/security\/a-salacious-soliloquy-on-sysmon.html\" target=\"_blank\" rel=\"noopener\">Sysmon events can be used for threat hunting<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-99186 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture13.png\" alt=\"Microsoft Sysinternals report in VirusTotal.\" width=\"1279\" height=\"327\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture13.png 1279w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture13-300x77.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture13-1024x262.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture13-768x196.png 768w\" sizes=\"(max-width: 1279px) 100vw, 1279px\" \/><\/p>\n<p><em>Figure 1: Microsoft Sysinternals report in VirusTotal.<\/em><\/p>\n<p>Adding the unique capabilities of Microsoft Sysmon to VirusTotal expands the intelligence available for the whole security community to consume, analyze, and inform solutions\u2014resulting in better security for all.<\/p>\n<blockquote><p><em>\u201cWe are really excited about this new collaboration with Microsoft that reinforces our long partnership to keep our world a little bit safer. VirusTotal is based on industry and community collaboration. We scan users&#8217; submissions with a variety of tools to correlate and further characterize files, URLs, IP addresses, and domains to highlight suspicious signals. We also run executables uploaded to VirusTotal in a controlled environment, resulting in the discovery of the network infrastructure used by attackers, registry keys providing persistence on infected machines, and other valuable indicators of compromise. The integration of Microsoft Sysmon is an important added value to the already existing behavior analysis solutions in the VirusTotal Multisandbox project that will benefit the entire cybersecurity community.\u201d\u2014<\/em>Karl Hiramoto, Senior Software Engineer, VirusTotal<\/p><\/blockquote>\n<h2>A look at the Microsoft Sysmon report<\/h2>\n<p>Sysmon\u2019s logging capabilities cover important system events such as process activity, complete with command line, activity on the filesystem and registry, network connections, and more. The <a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/sysmon\" target=\"_blank\" rel=\"noopener\">Sysmon documentation<\/a> provides an exhaustive description of all the available events and security features.<\/p>\n<p>The Sysmon logs in the new behavior report in VirusTotal include an extraction of a rich set of indicators of compromise (IoCs) and system metadata from Microsoft Sysmon security events.<\/p>\n<p>For example, the activity of a coin miner malware is captured in Sysmon and exposed in the detonation report. The process activity is captured in the Process Tree, as well as in the Processes Created and Processes Terminated sections:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-98991 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2.png\" alt=\"Process tree, process created, and process terminated info in Microsoft Sysinternals report.\" width=\"1405\" height=\"757\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2.png 1405w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2-300x162.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2-1024x552.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2-768x414.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture2-389x209.png 389w\" sizes=\"(max-width: 1405px) 100vw, 1405px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-98994 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture3.png\" alt=\"Process tree, process created, and process terminated info in Microsoft Sysinternals report.\" width=\"1519\" height=\"328\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture3.png 1519w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture3-300x65.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture3-1024x221.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture3-768x166.png 768w\" sizes=\"(max-width: 1519px) 100vw, 1519px\" \/><\/p>\n<p><em>Figure 2: Process tree, process created, and process terminated info in Microsoft Sysinternals report.<\/em><\/p>\n<p>Network events show the malware communication to the miner\u2019s server:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-98997 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture4.png\" alt=\"IP traffic and DNS resolutions info in Microsoft Sysinternals report.\" width=\"483\" height=\"171\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture4.png 483w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture4-300x106.png 300w\" sizes=\"(max-width: 483px) 100vw, 483px\" \/><\/p>\n<p><em>Figure 3: IP traffic and DNS resolutions info in Microsoft Sysinternals report.<\/em><\/p>\n<p>The rest of the sections contain information about files, registry artifacts, and more. For example, the dropped files are captured and registry keys are logged:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-99000 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture5.png\" alt=\"Dropped files and registry modification info in Microsoft Sysinternals report\" width=\"539\" height=\"193\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture5.png 539w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture5-300x107.png 300w\" sizes=\"(max-width: 539px) 100vw, 539px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-99003\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture6.png\" alt=\"Dropped files and registry modification info in Microsoft Sysinternals report\" width=\"582\" height=\"152\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture6.png 582w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture6-300x78.png 300w\" sizes=\"(max-width: 582px) 100vw, 582px\" \/><\/p>\n<p><em>Figure 4: Dropped files and registry modification info in Microsoft Sysinternals report.<\/em><\/p>\n<p>Some of the shell commands clearly identify the threat as a coin miner:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-99006 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture7.png\" alt=\"Shell commands info in Microsoft Sysinternals report.\" width=\"826\" height=\"335\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture7.png 826w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture7-300x122.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture7-768x311.png 768w\" sizes=\"(max-width: 826px) 100vw, 826px\" \/><\/p>\n<p><em>Figure 5: Shell commands info in Microsoft Sysinternals report.<\/em><\/p>\n<h2>Better community threat intelligence results, better security for all<\/h2>\n<p>We discussed <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/using-the-virustotal-v3-api-with-msticpy-and-azure-sentinel\/ba-p\/1893121\" target=\"_blank\" rel=\"noopener\">in a past blog entry<\/a> how to use the <a href=\"https:\/\/github.com\/microsoft\/msticpy\" target=\"_blank\" rel=\"noopener\">MSTICPy Threat Intelligence APIs<\/a> to query information about IOCs and how to build relationships and graphs from them. Now we are publishing a <a href=\"https:\/\/github.com\/Azure\/Azure-Sentinel-Notebooks\/blob\/master\/VirusTotal%20File%20Behavior%20Explorer%20-%20MS%20and%20Sysmon%20detonation.ipynb\" target=\"_blank\" rel=\"noopener\">new notebook<\/a> to explore file detonation data from VirusTotal. This new notebook lets researchers:<\/p>\n<ul>\n<li>Query and browse VirusTotal summary and detonation data for a given file hash.<\/li>\n<li>Visualize detonation process trees with command lines.<\/li>\n<li>Look up related IOCs (in VirusTotal and other providers).<\/li>\n<li>Generate sample queries for Azure Sentinel to search for indicators from the detonation data.<\/li>\n<\/ul>\n<p>These new features allow researchers to find stronger and more accurate relationships between detonation samples and campaigns that may be active in their own organizations.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-99009\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture8.png\" alt=\"Browsing detonation data and displaying the process tree\" width=\"1431\" height=\"561\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture8.png 1431w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture8-300x118.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture8-1024x401.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture8-768x301.png 768w\" sizes=\"(max-width: 1431px) 100vw, 1431px\" \/><\/p>\n<p><em>Figure 6: Browsing detonation data and displaying the process tree.<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-99012\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9.png\" alt=\"Generating a query to hunt for indicators from the detonation sample\" width=\"1158\" height=\"760\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9.png 1158w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9-300x197.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9-1024x672.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9-768x504.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/Picture9-200x130.png 200w\" sizes=\"(max-width: 1158px) 100vw, 1158px\" \/><\/p>\n<p><em>Figure 7: Generating a query to hunt for indicators from the detonation sample.<\/em><\/p>\n<h2>Learn more<\/h2>\n<p>In closing, the events captured by Microsoft Sysmon logs identify valuable behaviors and IoCs leveraged for detections and threat hunting.<\/p>\n<p>The incorporation of <a href=\"https:\/\/www.virustotal.com\/gui\/home\/upload\" target=\"_blank\" rel=\"noopener\">Sysmon reports in VirusTotal<\/a> provides cybersecurity experts with an additional, valuable source of information to perform malware analysis and threat hunting. We recommend any field expert to make full use of the rich and accurate IoCs provided by Sysmon reports for their daily duties. Please <a href=\"mailto:SysmonVTReport@microsoft.com\" target=\"_blank\" rel=\"noopener\">email us your feedback<\/a>, we look forward to hearing from the security community.<\/p>\n<p>To learn more about Microsoft Security solutions,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our\u00a0website<\/a>.\u00a0Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in\u00a0VirusTotal. Whether you\u2019re an IT professional or a developer, you\u2019re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals [&hellip;]<\/p>\n","protected":false},"author":98,"featured_media":99105,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3665],"products":[3690],"threat-intelligence":[],"tags":[3809],"coauthors":[2835,2832],"class_list":["post-98985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-analyst-reports","products-microsoft-defender","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in\u00a0VirusTotal. Whether you\u2019re an IT professional or a developer, you\u2019re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-20T17:00:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:07:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Giulia Biagini, Andi Comisioneru\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Giulia Biagini, Andi Comisioneru\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/giulia-biagini\/\",\"@type\":\"Person\",\"@name\":\"Giulia Biagini\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/andi-comisioneru\/\",\"@type\":\"Person\",\"@name\":\"Andi Comisioneru\"}],\"headline\":\"New Microsoft Sysmon report in VirusTotal improves security\",\"datePublished\":\"2021-10-20T17:00:52+00:00\",\"dateModified\":\"2023-05-16T06:07:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\"},\"wordCount\":945,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\",\"name\":\"New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\",\"datePublished\":\"2021-10-20T17:00:52+00:00\",\"dateModified\":\"2023-05-16T06:07:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg\",\"width\":1200,\"height\":900,\"caption\":\"Business person leans over desk to use Acer Porsche RS laptop in a conference room.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Microsoft Sysmon report in VirusTotal improves security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/","og_locale":"en_US","og_type":"article","og_title":"New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog","og_description":"Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in\u00a0VirusTotal. Whether you\u2019re an IT professional or a developer, you\u2019re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals [&hellip;]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-10-20T17:00:52+00:00","article_modified_time":"2023-05-16T06:07:07+00:00","og_image":[{"width":1200,"height":900,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","type":"image\/jpeg"}],"author":"Giulia Biagini, Andi Comisioneru","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","twitter_misc":{"Written by":"Giulia Biagini, Andi Comisioneru","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/giulia-biagini\/","@type":"Person","@name":"Giulia Biagini"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/andi-comisioneru\/","@type":"Person","@name":"Andi Comisioneru"}],"headline":"New Microsoft Sysmon report in VirusTotal improves security","datePublished":"2021-10-20T17:00:52+00:00","dateModified":"2023-05-16T06:07:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/"},"wordCount":945,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/","name":"New Microsoft Sysmon report in VirusTotal improves security | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","datePublished":"2021-10-20T17:00:52+00:00","dateModified":"2023-05-16T06:07:07+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/10\/WIN22_HybridWork_001.jpg","width":1200,"height":900,"caption":"Business person leans over desk to use Acer Porsche RS laptop in a conference room."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/20\/new-microsoft-sysmon-report-in-virustotal-improves-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"New Microsoft Sysmon report in VirusTotal improves security"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/98985"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/98"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=98985"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/98985\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/99105"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=98985"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=98985"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=98985"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=98985"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=98985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=98985"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=98985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}