sysmon-modular
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
What is sysmon-modular?
sysmon-modular is a repository of modular configuration files for Microsoft Sysinternals Sysmon, a Windows system monitoring tool. It provides a structured, customizable way to build Sysmon configurations for endpoint detection and logging, helping security teams monitor system activity with tailored rule sets. The project solves the problem of managing complex, monolithic Sysmon configs by breaking rules into reusable modules.
Security professionals, incident responders, and system administrators who deploy and manage Sysmon for endpoint monitoring and threat detection in Windows environments.
Developers choose sysmon-modular for its modular design, which simplifies configuration maintenance and customization compared to flat XML files. Its detailed rule annotations, MITRE ATT&CK mappings, and pre-built configs provide a robust starting point for effective security logging.
Overview
A repository of sysmon configuration modules
Use Cases
Best For
- Building custom Sysmon configurations for specific Windows environments (e.g., domain controllers vs. workstations)
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
