[RMM Update]: AnyDesk event log artifacts missing event ID 4697 from Security events log #26
Assignees
Comments
|
Thanks for opening the issue @Koifman Just FYI everytime a service install an 7045 EID will occur as well as a 4697 if the policy is enabled. In some RMMs we were explicit in mentioning, and in others not. I will get this fixed but as a general rule one of them is enough. Its like saying Sysmon EID 1 or Security 4688. Thanks. |
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
RMM Tool Name
AnyDesk
Type of Update
Forensic Artifact
Update Details
Hi team!
Thank you so much for this project, it is already of great use to me and for everyone else I believe.
I wanted to bring to your attention:
https://lolrmm.io/tools/anydesk#event-log-artifacts
In here, we see only the "service installed" log from the system log file, but it seems like the 4697 event ID from the security log file is not present. I have tested installing Anydesk and it does indeed generate that event ID:
I hope I'm not wasting your time with this, and it is actually something that can be added.
Thank you in advance,
Daniel.
References
Image attached in the ticket
The text was updated successfully, but these errors were encountered: