sysmon-linux \.+ Sysmon For Linux Event T1204 no_full_log
200150 ^1$ Sysmon - Event 1: Process creation $(eventdata.image) sysmon_event1 T1204 no_full_log
200150 ^3$ Sysmon - Event 3: Network connection by $(eventdata.image) sysmon_event3 T1043 no_full_log
200150 ^5$ Sysmon - Event 5: Process terminated $(eventdata.image) sysmon_event5 T1204 no_full_log
200150 ^9$ Sysmon - Event 9: Raw Access Read by $(eventdata.image) sysmon_event9 T1204 no_full_log
200150 ^11$ Sysmon - Event 11: FileCreate by $(eventdata.image) sysmon_event_11 T1044 no_full_log
200150 ^16$ Sysmon - Event 16: Sysmon config state changed $(Event.EventData.Data.Configuration) sysmon_event_16 T1562 no_full_log
200150 ^23$ Sysmon - Event 23: FileDelete (A file delete was detected) by $(eventdata.image) sysmon_event_23 T1107 T1485 no_full_log
200152 wazuh-agentd$|zabbix_agentd$ Sysmon - Event 3: Network connection by $(eventdata.image) sysmon_event3 T1107 T1485 no_full_log
200155 wazuh-agentd$ Sysmon - Event 11: FileCreate by $(eventdata.image) sysmon_event_11 T1107 T1485 no_full_log
200157 wazuh-agentd$ Sysmon - Event 23: FileDelete (A file delete was detected) by $(eventdata.image) sysmon_event_23 T1107 T1485 no_full_log
200152 eventdata.DestinationIp Multiple Sysmon Level 3 alerts for same destination IP. no_full_log