@Eugene, did the reply from @CptOfEvilMinions help?
10/30/2020, 5:55 AM
Hi, we still have some questions:
In the polylogyx config file, we found that not all logic was specified there, since there is much more information in the log output. Therefore, we do not yet understand how to extend the polylogyx configuration to add our own rules there.
10/31/2020, 12:35 PM
what kind of rules do you wish to add? can you give an example?
Sysmon's format is XML and in osquery it is via JSON. Unfortunately there is no automated translation yet. The doc at https://github.com/polylogyx/osq-ext-bin (2.1 Types of Filters) describes how the filtering is applied in the PolyLogyx extension, and how to map it vis-a-vis the ones in sysmon. Any specific rules from the above config that you want to apply and are not able to, let me know and I will try to assist on how that translation could work.