Skip to content
/ sysmon-config Public
forked from SwiftOnSecurity/sysmon-config

Sysmon configuration file template with default high-quality event tracing

0 stars 1.7k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mirageFI/sysmon-config

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
sysmonconfig-export.xml
sysmonconfig-export.xml
 
 

Repository files navigation

sysmon-config | A Sysmon configuration file for everybody

This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing.

Should serve as a great starting point to tune Sysmon for your environment - implement it on test systems and add entries to screen out uninteresting events. Should give you an idea of what's possible for Sysmon. It demonstrates a lot of what I wish I knew when I began in 2014.

Pull requests are welcome, new additions will be credited in-line.

Note: Exact syntax and filtering choices are highly deliberate to catch appropriate entries and to have as little performance impact as possible. Sysmon's abilities are different than some built-in Windows auditing features, so some compromises have been made.

Use

Install

Run with administrator rights

sysmon.exe -accepteula -i sysmonconfig-export.xml

Update existing configuration

Run with administrator rights

sysmon.exe -c sysmonconfig-export.xml

Uninstall

Run with administrator rights

sysmon.exe -u

About

Sysmon configuration file template with default high-quality event tracing

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published