Sysmon Config

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Alternatives To Sysmon Config
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
32 days ago33April 08, 202223otherPython
Main Sigma Rule Repository
2 months ago31mitHTML
Automate the creation of a lab environment complete with security tooling and logging best practices
Sysmon Config4,081
23 days ago71
Sysmon configuration file template with default high-quality event tracing
2 years ago7
Utilities for Sysmon
Sentinel Attack692
2 years ago9mitHCL
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
a month agoapache-2.0Shell
Logging Made Easy
Sysmon Config529
4 years agon,ullBatchfile
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Ghost In The Logs297
3 years agomitC
Evade sysmon and windows event logging
2 years agobsd-3-clausePowerShell
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Sysmon Config Bypass Finder68
4 years agogpl-3.0Python
Detect possible sysmon logging bypasses given a specific configuration
Alternatives To Sysmon Config
Select To Compare

Alternative Project Comparisons

Sysmon Threat Intelligence Configuration

See the develop Branch for more bleeding edge updates:

This config is based off of the OR logic in sysmon 8.00 and 8.04, sysmon 8.02 breaks this functionality. Also 8.00 introduced a memory leak that will consume all available memory on your system if you frequently reload the config file. Upgrading to 8.04 is mandatory.

This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing.

The file provided should function as a great starting point for system monitoring in a self-contained package. This configuration and results should give you a good idea of what's possible for Sysmon.


Because virtually every line is commented and sections are marked with explanations, it should also function as a tutorial for Sysmon and a guide to critical monitoring areas in Windows systems. It demonstrates a lot of what I wish I knew when I began with Sysmon in 2014.

Pull requests and issue tickets are welcome, and new additions will be credited in-line or on Git.

Note: Exact syntax and filtering choices are deliberate to catch appropriate entries and to have as little performance impact as possible. Sysmon's filtering abilities are different than the built-in Windows auditing features, so often a different approach is taken than the normal static listing of every possible important area.

This now has an Auto Updater script to update to the latest Sysmon config hourly. This is great for mass deployments without having to manually update thousands of systems.


Auto-Install with Auto Update Script:###

Install Sysmon.bat


Run with administrator rights

sysmon.exe -accepteula -i sysmonconfig-export.xml

Update existing configuration

Run with administrator rights

sysmon.exe -c sysmonconfig-export.xml


Run with administrator rights

sysmon.exe -u

Hide Sysmon from services.msc


Graylog Configuration


Popular Sysmon Projects
Popular Logger Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Threat Intelligence
Network Security
Threat Hunting
Mitre Attack
Threat Sharing