Hi,
I was always under the impression that you needed to deploy Sysmon along side the Agent however I have just accidentaly educated myself during a lab re-build and can see that Sysmon is rolled with the Agent.
However the sysmon binary and config files are not in the directory I would expect them to be. Can you please advise on where the config file for Sysmon is located with this setup and confirm that there is no reason why we can not replace it with our own custom rule lists ?
Thanks in advance