trustedsec
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎Build/Sysmon.md‎
Lines changed: 1 addition & 1 deletion b/‎Build/Sysmon.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 7 additions & 7 deletions b/‎README.md‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎chapters/Sysmon.md‎
Lines changed: 1 addition & 1 deletion b/‎chapters/Sysmon.md‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,2 @@
+
+chapters/.DS_Store
@@ -1862,7 +1862,7 @@ Example of libraries leveraged by attackers
 
 Sysmon will log **EventID 3** for all TCP and UDP network connections. This event will generate a large number of entries and filtering should be tuned for specific processes and ports. 
 
-For the DestinationHostname, the GetNameInfo API is used and it will often not have any information and may just be a CDN, making it NOT reliable for filtering since it uses a reverse DNS Lookup to get this information, in Sysmon v11.0 this behaviour can be disabled by using the ```<DnsLookup>True</DnsLookup>``` at the root of the confifuration file. 
+For the DestinationHostname, the GetNameInfo API is used and it will often not have any information and may just be a CDN, making it NOT reliable for filtering since it uses a reverse DNS Lookup to get this information, in Sysmon v11.0 this behaviour can be disabled by using the ```<DnsLookup>True</DnsLookup>``` at the root of the configuration file. 
 
 For the DestinationPortName, the GetNameInfo API is used for the friendly name of ports. In the case of services doing connections on some systems due to memory use, they are hosted under svchost.exe and most connections will originate from this process.
 
 
@@ -1,16 +1,12 @@
 
 <p><img align="left" width="100" height="100" src="chapters/media/tslogo.png"></p>
 
-
 # TrustedSec Sysmon Community Guide
 
-
-
 <p align="center"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/" style="display: inline-block; float: left; vertical-align: middle; margin: 10px;"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/88x31.png" /></a></p>
 
 This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/licenses/by-sa/4.0/), please attribute to TrustedSec LLC
 
-
 ###### You are free to:
 
 **Share** — copy and redistribute the material in any medium or format.
@@ -19,7 +15,6 @@ This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 Inter
 
 The authors encourage you to redistribute this content as widely as possible, but require that you give credit to the primary authors below, and that you notify us on GitHub of any improvements you make.
 
-
 Table of Contents
 =================
 
@@ -29,11 +24,16 @@ Table of Contents
 
   * [The Sysmon Driver](./chapters/the-sysmon-driver.md)
 
-  * [Install and Configuration](./chapters/install-and-configuration.md)
+  * [Install and Configuration](./chapters/install_windows.md)
 
 * Sysmon on Linux
+  
   * [sysinternalsEBPF](./chapters/eBPF.md)
 
+  * [Install and Configuration](./chapters/install_linux.md)
+
+* [Configuration](./chapters/configuration.md)
+
 * Sysmon Events
 
   * [Process Events](./chapters/process-events.md)
@@ -51,7 +51,7 @@ Table of Contents
     * [File Create Time Change](./chapters/file-create-time-change.md)
 
     * [File Stream Creation Hash](./chapters/file-stream-creation-hash.md)
-    
+
     * [File Delete](./chapters/file-delete.md)
 
     * [File Delete Detected](./chapters/file_delete_detected.md)
 
@@ -1835,7 +1835,7 @@ Example of libraries leveraged by attackers
 
 Sysmon will log **EventID 3** for all TCP and UDP network connections. This event will generate a large number of entries and filtering should be tuned for specific processes and ports. 
 
-For the DestinationHostname, the GetNameInfo API is used and it will often not have any information and may just be a CDN, making it NOT reliable for filtering since it uses a reverse DNS Lookup to get this information, in Sysmon v11.0 this behaviour can be disabled by using the ```<DnsLookup>True</DnsLookup>``` at the root of the confifuration file. 
+For the DestinationHostname, the GetNameInfo API is used and it will often not have any information and may just be a CDN, making it NOT reliable for filtering since it uses a reverse DNS Lookup to get this information, in Sysmon v11.0 this behaviour can be disabled by using the ```<DnsLookup>True</DnsLookup>``` at the root of the configuration file. 
 
 For the DestinationPortName, the GetNameInfo API is used for the friendly name of ports. In the case of services doing connections on some systems due to memory use, they are hosted under svchost.exe and most connections will originate from this process.