Error 255 appears, please help me figure it out. #198
Comments
|
Hello @h3nkbleck This is informational notification from the sysmon driver telling you that some events have not been processed. It has been added since Sysmon V15.10. Best Regards, |
|
@lsoumille Thank you for information. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please help me figure out how to fix these errors or eliminate them. Events with msgid 255 from sysmon appear in the SIEM system.
Contents of the following event data:
"text": "Events dropped from driver queue: ProcessAccess:1",
"text": "Events dropped from driver queue: ImageLoad:2",
"text": "Events dropped from driver queue: ImageLoad:1 ProcessAccess:16",
"text": "Events dropped from driver queue: ImageLoad:1 ProcessAccess:51 RegistryEvent:4",
"text": "Events dropped from driver queue: ImageLoad:3 ProcessAccess:4 RegistryEvent:4",
Here is the full log:
{
"Event": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event",
"System": {
"Provider": {
"Name": "Microsoft-Windows-Sysmon",
"Guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}"
},
"EventID": "255",
"Version": "3",
"Level": "2",
"Task": "255",
"Opcode": "0",
"Keywords": "0x8000000000000000",
"TimeCreated": {
"SystemTime": "2024-03-01T08:22:36.7399186Z"
},
"EventRecordID": "1239498",
"Correlation": null,
"Execution": {
"ProcessID": "4300",
"ThreadID": "6532"
},
"Channel": "Microsoft-Windows-Sysmon/Operational",
"Computer": "h43-12-4-21211.company.com.local",
"Security": {
"UserID": "S-1-5-18"
}
},
"EventData": {
"Data": [
{
"text": "2024-03-01 08:22:36.738",
"Name": "UtcTime"
},
{
"text": "QUEUE",
"Name": "ID"
},
{
"text": "Events dropped from driver queue: ProcessAccess:1 RegistryEvent:1",
"Name": "Description"
}
]
}
}
}
The text was updated successfully, but these errors were encountered: