Update the-sysmon-driver.md

darkoperator · web-flow · commit cbb82ac25762 · 2020-10-09T14:13:24.000-04:00
diff --git a/the-sysmon-driver.md b/the-sysmon-driver.md
@@ -21,7 +21,107 @@ Sysmon sets multiple callbacks on kernel objects in addition to using telemetry
 
 When the tool is downloaded from the Microsoft Sysinternals website <https://docs.microsoft.com/en-us/sysinternals/> it is important to save and identify previous versions since Microsoft does not provide older versions and the release notes do not detail what has been fixed. Microsoft has a fast release cycle, forcing users to test very carefully and to keep track of versions.
 
-![A screenshot of a social media post Description automatically
-generated](./media/image5.png)
+
+<table width="1280">
+<tbody>
+<tr>
+<td width="132">
+<p><strong>Version</strong></p>
+</td>
+<td width="114">
+<p><strong>Schema </strong></p>
+</td>
+<td width="522">
+<p><strong>Features</strong></p>
+</td>
+<td width="380">
+<p><strong>Known Issues</strong></p>
+</td>
+<td width="132">
+<p><strong>Release</strong></p>
+</td>
+</tr>
+<tr>
+<td width="132">
+<p>12.0</p>
+</td>
+<td width="114">
+<p>4.40</p>
+</td>
+<td width="522">
+<p>* Added support to capture text stored in to the clipboard by a process.</p>
+</td>
+<td width="380">
+<p>* Kernel memory write that can lead to code execution.</p>
+<p>* Metadata for driver still references.</p>
+<p>* Sysmon 11.1 and may affect install scripts.</p>
+<p>* Problems matching filters for FileDelete.</p>
+<p>* Blue Screen on some Windows 2016 DCs</p>
+</td>
+<td width="132">
+<p>September 17, 2020</p>
+</td>
+</tr>
+<tr>
+<td width="132">
+<p>11.1</p>
+</td>
+<td width="114">
+<p>4.31</p>
+</td>
+<td width="522">
+<p>* For Event ID 15 &ldquo;Content field was added to save text streams of less than 1k.</p>
+<p>* The &ndash;a commandline option has been removed. The custom archive directory must be set via configuration file.</p>
+<p>* Fix Issue where EventID 1 was not logged on Windowds 2016 and Windows 10.</p>
+<p>* Fix rule parsing issue.</p>
+</td>
+<td width="380">
+<p>* Kernel memory write that can lead to code execution.</p>
+<p>* Blue Screen on on Win10 1809&nbsp;</p>
+</td>
+<td width="132">
+<p>June 24, 2020</p>
+</td>
+</tr>
+<tr>
+<td width="132">
+<p>11.0</p>
+</td>
+<td width="114">
+<p>4.30</p>
+</td>
+<td width="522">
+<p>* Control Reverse DNS Lookup.</p>
+<p>* Log file deletions and story copy of the file.</p>
+<p>* Bug Fixes.</p>
+</td>
+<td width="380">
+<p>* Does not log Process Creation on Windows 2016.</p>
+<p>* Kernel memory write that can lead to code execution.</p>
+</td>
+<td width="132">
+<p>April 28, 2020</p>
+</td>
+</tr>
+<tr>
+<td width="132">
+<p>10.42</p>
+</td>
+<td width="114">
+<p>4.23</p>
+</td>
+<td width="522">
+<p>* Fixed multiple memory leaks</p>
+<p>* Introduces the "Excludes Any" and "Excludes All" filtering conditions</p>
+</td>
+<td width="380">
+<p>* Issues with parsing some rules in configuration files.</p>
+</td>
+<td width="132">
+<p>December 11, 2019</p>
+</td>
+</tr>
+</tbody>
+</table>
 
 Another important piece of information is that there is no support from Microsoft on the Sysinternal tools—they are free and provided as is. This means that a testing plan for the environment it is deployed on should be formulated, tested, implemented, and improved upon as new versions of Sysmon are released.
