Resource Access Monitor logging

Syntch
Posts: 2
Joined: Fri Jan 27, 2017 1:21 pm

Post by Syntch » Fri Jan 27, 2017 1:24 pm

Is there a way to have the Resource Access Monitor always running in the background and logging to a file or other service? If not Resource Access Monitor, perhaps some other tool?

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Resource Access Monitor logging

Post by Barb@Invincea » Fri Jan 27, 2017 1:47 pm

Hello Syntch,

The Resource Access Monitor appears in front of Sandboxie Control. Once you are done using it, you can click on "Copy Contents ..." and paste them in a file.
You can also invoke it and then use the Taskbar Icon ("pizza" icon) in order to launch applications from your Sandboxes while the monitor is running.

Here's some more information regarding how Resource Access Monitor works:
https://www.sandboxie.com/index.php?Res ... essMonitor

Another tool that you can use (and run in the background, add filters, export logs, etc...) is procmon
---> https://technet.microsoft.com/en-us/sys ... nitor.aspx

Regards,
Barb.-

Syntch
Posts: 2
Joined: Fri Jan 27, 2017 1:21 pm

Re: Resource Access Monitor logging

Post by Syntch » Fri Jan 27, 2017 2:08 pm

Thanks for the reply.

I am looking for a way to centrally log the actions within sandboxes on multiple systems. This would be used as input to something like a security information and event manager (SIEM) and/or used after a security incident by forensics. The output from the Resource Access Monitor looks like the information I want, but it would need to be logged to a file or service automatically (which doesn't seem mentioned as possible in the link you provided?).

Is it possible to configure procmon so that it only logs all changes made by a sandbox (or all sandboxes on a system)?

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: Resource Access Monitor logging

Post by Barb@Invincea » Fri Jan 27, 2017 2:43 pm

Syntch,

Perhaps this will help:
http://www.howtogeek.com/school/sysinte ... sson4/all/

Regards,
Barb.-
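
As an added illustration for the question above about logging only the changes a sandbox makes (not part of the original thread, and not Sandboxie or Sysinternals code): a Python filter over a Procmon CSV export that keeps change operations under the sandbox locations and emits JSON lines for a SIEM. The prefixes `C:\Sandbox\` and `HKU\Sandbox_`, the host name and the sample rows are assumptions constructed for the example.

```python
import csv
import io
import json

# Assumed locations: adjust to the sandbox container folder and registry
# hive prefix actually used on the monitored hosts.
SANDBOX_PREFIXES = ("c:\\sandbox\\", "hku\\sandbox_")

# Procmon operation names that represent a change rather than a read.
CHANGE_OPERATIONS = {
    "WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile",
    "RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue",
}

# Constructed sample rows in Procmon's default CSV column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:24:01.1000000 PM","iexplore.exe","4312","WriteFile","C:\Sandbox\alice\DefaultBox\user\current\Downloads\setup.exe","SUCCESS","Offset: 0, Length: 4,096"
"1:24:01.2000000 PM","iexplore.exe","4312","ReadFile","C:\Sandbox\alice\DefaultBox\user\current\Downloads\setup.exe","SUCCESS","Offset: 0, Length: 512"
"1:24:02.0000000 PM","explorer.exe","2208","WriteFile","C:\Users\alice\notes.txt","SUCCESS","Offset: 0, Length: 12"
"1:24:03.5000000 PM","iexplore.exe","4312","RegSetValue","HKU\Sandbox_alice_DefaultBox\user\current\software\Example\Run","SUCCESS","Type: REG_SZ"
'''

def sandbox_changes(stream, host):
    """Yield one SIEM-ready dict per change operation inside a sandbox.

    For a real export, open the file with encoding="utf-8-sig" so a
    leading byte-order mark does not corrupt the first column name.
    """
    for row in csv.DictReader(stream):
        if row["Operation"] not in CHANGE_OPERATIONS:
            continue  # reads and queries are not changes
        if not row["Path"].lower().startswith(SANDBOX_PREFIXES):
            continue  # activity outside the sandbox locations
        yield {
            "host": host,  # lets a central collector tell systems apart
            "time": row["Time of Day"],
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "operation": row["Operation"],
            "path": row["Path"],
            "result": row["Result"],  # kept so denied attempts stay visible
        }

def to_json_lines(stream, host):
    """Serialize the filtered events, one JSON object per line."""
    return [json.dumps(e, sort_keys=True) for e in sandbox_changes(stream, host)]

if __name__ == "__main__":
    print("\n".join(to_json_lines(io.StringIO(SAMPLE_CSV), host="WKSTN-01")))
```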

Curt@invincea
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm

Re: Resource Access Monitor logging

Post by Curt@invincea » Fri Jan 27, 2017 11:06 pm

Syntch wrote: Thanks for the reply.

I am looking for a way to centrally log the actions within sandboxes on multiple systems. This would be used as input to something like a security information and event manager (SIEM) and/or used after a security incident by forensics. The output from the Resource Access Monitor looks like the information I want, but it would need to be logged to a file or service automatically (which doesn't seem mentioned as possible in the link you provided?).

Is it possible to configure procmon so that it only logs all changes made by a sandbox (or all sandboxes on a system)?

This sounds like a job for Invincea X https://www.invincea.com/
