update table with changes

the-sysmon-driver.md

@@ -21,103 +21,134 @@ Sysmon sets multiple callbacks on kernel objects in addition to using telemetry
 
 When the tool is downloaded from the Microsoft Sysinternals website <https://docs.microsoft.com/en-us/sysinternals/> it is important to save and identify previous versions since Microsoft does not provide older versions and the release notes do not detail what has been fixed. Microsoft has a fast release cycle, forcing users to test very carefully and to keep track of versions.
 
-
 <table width="1280">
 <tbody>
-<tr>
-<td width="132">
+<tr style="height: 46px;">
+<td style="height: 46px;" width="132">
 <p><strong>Version</strong></p>
 </td>
-<td width="114">
+<td style="height: 46px;" width="114">
 <p><strong>Schema </strong></p>
 </td>
-<td width="522">
+<td style="height: 46px;" width="522">
 <p><strong>Features</strong></p>
 </td>
-<td width="380">
-<p><strong>Known Issues</strong></p>
-</td>
-<td width="132">
+<td style="height: 46px;" width="132">
 <p><strong>Release</strong></p>
 </td>
 </tr>
-<tr>
-<td width="132">
+<tr style="height: 46px;">
+<td style="height: 46px;" width="132">
+<p>13.01</p>
+</td>
+<td style="height: 46px;" width="114">4.50&nbsp;</td>
+<td style="height: 46px;" width="522">&nbsp;* Fixed regression bug where several event types where not logged.&nbsp;</td>
+<td style="height: 46px;" width="132">&nbsp;January 13, 2021</td>
+</tr>
+<tr style="height: 46px;">
+<td style="height: 46px;" width="132">
+<p>13.0</p>
+</td>
+<td style="height: 46px;" width="114">&nbsp;4.50</td>
+<td style="height: 46px;" width="522">&nbsp;* Added support for Process Tampering Detection.</td>
+<td style="height: 46px;" width="132">&nbsp;January 11, 2021</td>
+</tr>
+<tr style="height: 61px;">
+<td style="height: 61px;" width="132">12.03</td>
+<td style="height: 61px;" width="114">&nbsp;4.40</td>
+<td style="height: 61px;" width="522">&nbsp;* fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules.</td>
+<td style="height: 61px;" width="132">&nbsp;November 25, 2020</td>
+</tr>
+<tr style="height: 61px;">
+<td style="height: 61px;" width="132">12.02</td>
+<td style="height: 61px;" width="114">&nbsp;4.40</td>
+<td style="height: 61px;" width="522">&nbsp;* This update to Sysmon fixes several configuration parsing bugs.</td>
+<td style="height: 61px;" width="132">&nbsp;November 4, 2020</td>
+</tr>
+<tr style="height: 61px;">
+<td style="height: 61px;" width="132">12.01</td>
+<td style="height: 61px;" width="114">&nbsp;4.40</td>
+<td style="height: 61px;" width="522">&nbsp;* Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes.</td>
+<td style="height: 61px;" width="132">&nbsp;October 16, 2020</td>
+</tr>
+<tr style="height: 192px;">
+<td style="height: 192px;" width="132">
 <p>12.0</p>
 </td>
-<td width="114">
+<td style="height: 192px;" width="114">
 <p>4.40</p>
 </td>
-<td width="522">
+<td style="height: 192px;" width="522">
 <p>* Added support to capture text stored in to the clipboard by a process.</p>
 </td>
-<td width="380">
-<p>* Kernel memory write that can lead to code execution.</p>
-<p>* Metadata for driver still references.</p>
-<p>* Sysmon 11.1 and may affect install scripts.</p>
-<p>* Problems matching filters for FileDelete.</p>
-<p>* Blue Screen on some Windows 2016 DCs</p>
-</td>
-<td width="132">
+<td style="height: 192px;" width="132">
 <p>September 17, 2020</p>
 </td>
 </tr>
-<tr>
-<td width="132">
+<tr style="height: 196px;">
+<td style="height: 196px;" width="132">
+<p>11.11</p>
+</td>
+<td style="height: 196px;" width="114">
+<p>4.4</p>
+</td>
+<td style="height: 196px;" width="522">
+<p>* Fixes a bug that prevented USB media from being ejected.</p>
+<p>* Fixes an issue that could stop network event logging and a resulting memory leak.</p>
+<p>* Fixes logs file delete events for delete-on-close files.</p>
+</td>
+<td style="height: 196px;" width="132">
+<p>July 15, 2020</p>
+</td>
+</tr>
+<tr style="height: 196px;">
+<td style="height: 196px;" width="132">
 <p>11.1</p>
 </td>
-<td width="114">
+<td style="height: 196px;" width="114">
 <p>4.31</p>
 </td>
-<td width="522">
+<td style="height: 196px;" width="522">
 <p>* For Event ID 15 &ldquo;Content field was added to save text streams of less than 1k.</p>
 <p>* The &ndash;a commandline option has been removed. The custom archive directory must be set via configuration file.</p>
 <p>* Fix Issue where EventID 1 was not logged on Windowds 2016 and Windows 10.</p>
 <p>* Fix rule parsing issue.</p>
 </td>
-<td width="380">
-<p>* Kernel memory write that can lead to code execution.</p>
-<p>* Blue Screen on on Win10 1809&nbsp;</p>
-</td>
-<td width="132">
+<td style="height: 196px;" width="132">
 <p>June 24, 2020</p>
 </td>
 </tr>
-<tr>
-<td width="132">
+<tr style="height: 110px;">
+<td style="height: 110px;" width="132">
 <p>11.0</p>
 </td>
-<td width="114">
+<td style="height: 110px;" width="114">
 <p>4.30</p>
 </td>
-<td width="522">
+<td style="height: 110px;" width="522">
 <p>* Control Reverse DNS Lookup.</p>
 <p>* Log file deletions and story copy of the file.</p>
 <p>* Bug Fixes.</p>
 </td>
-<td width="380">
-<p>* Does not log Process Creation on Windows 2016.</p>
-<p>* Kernel memory write that can lead to code execution.</p>
-</td>
-<td width="132">
+<td style="height: 110px;" width="132">
 <p>April 28, 2020</p>
 </td>
 </tr>
-<tr>
-<td width="132">
+<tr style="height: 78px;">
+<td style="height: 78px;" width="132">
 <p>10.42</p>
 </td>
-<td width="114">
+<td style="height: 78px;" width="114">
 <p>4.23</p>
 </td>
-<td width="522">
-<p>* Fixed multiple memory leaks</p>
-<p>* Introduces the "Excludes Any" and "Excludes All" filtering conditions</p>
-</td>
-<td width="380">
-<p>* Issues with parsing some rules in configuration files.</p>
+<td style="height: 78px;" width="522">
+<div>* Memory&nbsp;leaks&nbsp;in&nbsp;DNS,&nbsp;Networking&nbsp;and&nbsp;Image&nbsp;load&nbsp;events</div>
+<div>* Bug&nbsp;fixes&nbsp;including&nbsp;filtering,&nbsp;rule&nbsp;group&nbsp;names,&nbsp;NULL&nbsp;process&nbsp;GUIDS&nbsp;and&nbsp;W3LOGSVC&nbsp;interop&nbsp;issue</div>
+<div>* Increased&nbsp;rule&nbsp;name&nbsp;field&nbsp;length&nbsp;from&nbsp;32&nbsp;to&nbsp;128&nbsp;characters</div>
+<div>* Added&nbsp;&ldquo;excludes&nbsp;any&rdquo;&nbsp;and&nbsp;&ldquo;excludes&nbsp;all&rdquo;&nbsp;filtering&nbsp;conditions.</div>
+<div>* Performance&nbsp;improvements&nbsp;for&nbsp;ImageLoad&nbsp;module</div>
 </td>
-<td width="132">
+<td style="height: 78px;" width="132">
 <p>December 11, 2019</p>
 </td>
 </tr>