sysmon-modular


Categories: Operations Management, Security Operations


A Sysmon Configuration Repository for Customization by All

A Sysmon configuration repository designed for everyone to customize according to their needs.

This is a Microsoft Sysinternals Sysmon Configuration Repository

This repository contains Microsoft Sysinternals Sysmon configurations, organized in a modular way for easier maintenance and the creation of specific configurations. Please remember that these configurations should be viewed as starting points; it is highly recommended to adjust them based on your specific environment.

Note: To enhance the value of the FileExecutable event, consider merging the latest version of the LOLdrivers configuration into your existing config. You can do this by downloading the file, placing it in the 29_file_execute_detected folder, and then generating a new configuration.

The Sysmon Configuration

The XML file within the repository is automatically generated after a successful merge by the PowerShell script and a successful load by Sysmon during an Azure Pipeline run. The repository's documentation describes how to create a custom configuration that includes your own modules.

Pre-Generated Configurations:

Type      Config                            Description
default   sysmonconfig.xml                  The balanced configuration and the most commonly used; see the repository for further details.
default+  sysmonconfig-with-filedelete.xml  Also a balanced configuration and widely used; it additionally includes information about FileDelete file saves.