Updated SysmonView

Here is the latest update of Sysmon View (1.1). The tool incorporates much of the feedback received (thank you all), along with bug fixes and new features; here they are:

  • Bug fixes related to internal database connectivity errors
  • Bug fixes related to the UI not being reset after resetting data
  • Bug fix related to the way information about binary images (executables) is collected
  • Sysmon View design is now based on visual modules (currently there are two visual modules)
  • Sysmon View comes in 32- and 64-bit builds
  • New cool “Black” theme 🙂
  • “Process View” got an additional filtering option that will show images (executables) that are being reported with only the selected events, so if the analyst would like to view the timeline of a process but exclude its network and Image loaded events, this filter will help narrow down the results (as shown in the following screenshot)

  • Map View: you can also view network events based on destination country (thanks to freegeoip.net for the free API), this will work only if the geo-location option was selected during the import process. Selecting any country will display the related network events. Check it out
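The Process View filter above amounts to building a per-process timeline and dropping the event types the analyst deselects. As an added example (not SysmonView's own code), the snippet below parses constructed records in the shape of Sysmon events exported from the Windows event log, groups them by ProcessGuid, and excludes network connection (Sysmon event ID 3) and Image loaded (event ID 7) events; the sample events and the cmd.exe/notepad.exe paths are constructed.

```python
import xml.etree.ElementTree as ET

# Sysmon event IDs for the two event types the Process View filter lets an analyst exclude
NETWORK_CONNECTION = 3
IMAGE_LOADED = 7
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Template matching the XML shape of a Sysmon event exported from the Windows event log
EVENT_TMPL = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
              '<System><EventID>{eid}</EventID></System><EventData>'
              '<Data Name="UtcTime">2017-01-10 {t}.000</Data>'
              '<Data Name="ProcessGuid">{guid}</Data>'
              '<Data Name="Image">{img}</Data></EventData></Event>')

# Constructed sample: one cmd.exe process ({A}) with four events (deliberately out of
# time order) and one notepad.exe process ({B}) with a single process-create event.
CMD, NOTEPAD = "C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\notepad.exe"
SAMPLE = [(7, "09:00:02", "{A}", CMD),   # Image loaded
          (1, "09:00:01", "{A}", CMD),   # Process Create
          (3, "09:00:03", "{A}", CMD),   # Network connection
          (11, "09:00:04", "{A}", CMD),  # FileCreate
          (1, "09:00:05", "{B}", NOTEPAD)]
SAMPLE_XML = "<Events>" + "".join(
    EVENT_TMPL.format(eid=e, t=t, guid=g, img=i) for e, t, g, i in SAMPLE) + "</Events>"


def parse_events(xml_text):
    """Flatten each Sysmon <Event> into a dict holding EventID plus its EventData fields."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        rec = {"EventID": int(ev.find("e:System/e:EventID", NS).text)}
        rec.update({d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)})
        events.append(rec)
    return events


def process_timeline(events, process_guid, exclude_ids=frozenset()):
    """Time-ordered (UtcTime, EventID) pairs for one process, minus excluded event types."""
    own = [e for e in events
           if e.get("ProcessGuid") == process_guid and e["EventID"] not in exclude_ids]
    return [(e["UtcTime"], e["EventID"]) for e in sorted(own, key=lambda e: e["UtcTime"])]


if __name__ == "__main__":
    evts = parse_events(SAMPLE_XML)
    print("full timeline:", process_timeline(evts, "{A}"))
    print("without network / image loads:",
          process_timeline(evts, "{A}", {NETWORK_CONNECTION, IMAGE_LOADED}))
```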

There are many enhancements I am currently working on, in addition to new features, but I decided to release earlier instead of waiting too long between releases.

Sysmon View can be downloaded (32- and 64-bit builds) from Github @ this link (Password is “password” without “”):

For any questions or suggestions, please contact me by email.