So we are wondering if by implementing the collection of Sysmon logs, we can stop collecting other logs all together. Can Sysmon logs completely take the place of certain "Event Logs"? (ie. it includes the event log data + additional data) Or is it a completely different set of information altogether. If we can sell that it will cut down on our index license usage, then management will definitely be all for it. ... View more

Are the Workflow Actions listed in the Enterprise Security Sandbox installed by default with a new Enterprise Security Sandbox License? ... View more