Skip to content
/ sysmon-config Public
forked from SwiftOnSecurity/sysmon-config

Sysmon configuration file template with default high-quality event tracing

0 stars 1.7k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Phorofor/sysmon-config

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
README.md
README.md
 
 
sysmonconfig-export.xml
sysmonconfig-export.xml
 
 

Repository files navigation

sysmon-config

A Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing.

Should serve as a great starting point to tune Sysmon for your environment - implement it on test systems and add entries to screen out uninteresting events. Should give you an idea of what's possible for Sysmon.

Pull requests are welcome, new additions will be credited in-line.

Note: Exact syntax and filtering choices are highly deliberate to catch appropriate entries and to have as little performance impact as possible. Sysmon's abilities are different than some built-in Windows auditing features, so some compromises have been made.

Use

Install

Run with administrator rights

sysmon.exe -accepteula -i sysmonconfig-export.xml

Update existing configuration

Run with administrator rights

sysmon.exe -c sysmonconfig-export.xml

About

Sysmon configuration file template with default high-quality event tracing

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published