Example usage of is-any feature new to sysmon v11.0 #24
Description
In Sysinternals Video Update for June 2020 on Youtube, minute 4:45 describes a new feature of sysmon v11 providing new "is-all" filtering condition as ability to specify multiple conditions and require all of them to be satisfied before an event is logged.
Sysmon (v12) schema shows these filters which are new to me:
is,is not,contains,contains any,is any,contains all,excludes,excludes any,excludes all,begin with,end with,less than,more than,image
The video does not provide an example of usage of these (these) new filtering options. I think it would be helpful to document usage here so folks (like me) can get up and running with it faster.