Is it possible to detect a usb device if a users inserted a usb device to the monitored device by DNIF? Thanks.
I think the information of USB connect or disconnect can be seen in Windows Event logs … could you try enabling -
Application and Services Logs > Microsoft > Windows > DriverFrameworks-UserMode > Operational service?
These records will consist of the following Event IDs:-
Hope you are using windows for linux platforms syslog data should populate usb events too…