Skip to content

File Event Monitor

Jump to bottom
Namhyeon, Go edited this page Sep 10, 2024 · 30 revisions

File Event Monitor

From WelsonJS version 0.2.7.36, complete support for handling system events (mainly events related to file activities) is provided. This is implemented using Sysinternals Sysmon (microsoft.com).

The events that can be handled are as follows:

  • File creation
  • Network connection (TCP, UDP)
  • Registry changes

Implement an event listener

The methods onFileCreated, onNetworkConnected, and onRegistryModified are available to implement an event listener. You can find examples in defaultService.js.

function onFileCreated(args) {
    return "onFileCreated recevied. " + args.join(', ');
}

function onNetworkConnected(args) {
    return "onNetworkConnected recevied. " + args.join(', ');
}

function onRegistryModified(args) {
    return "onRegistryModified recevied. " + args.join(', ');
}

For System Administrators or Security Analysts

MITRE ATT&CK (MITRE attack)

Outdated content warning

This document may contain outdated content. For the latest information, please contact us directly or refer to the webpage below.

Clone this wiki locally