Build status Appveyor Latest Commit MIT license

<p align="center"> <br> <img src="https://raw.githubusercontent.com/marcosd4h/sysmonx/master/docs/misc/SysmonX_small.jpg"> </p>

SysmonX

Open-source, drop-in compatible version of Sysmon

This project is WORK IN PROGRESS. Expect feature changes and binary releases in the coming weeks.

Overview

SysmonX is an open-source, community-driven, drop-in replacement for Sysmon that provides a modularized architecture, with the purpose of enabling the infosec community to:

SysmonX consists of a standalone binary that deploys itself as a Windows service. It supports legacy Sysmon configurations and Sysmon's event reporting mechanism, and it lets users configure every aspect of SysmonX through a command-line interface.

The SysmonX binary is a drop-in replacement for Sysmon. This effectively means that SysmonX is a feature-compatible version of Sysmon (same input, same output). This is possible because SysmonX packages, deploys, and manages Sysmon binaries behind the scenes. SysmonX uses this to intercept the data collected by the Sysmon drivers and enrich it, and it can also create, combine, and add scanning logic on top of new security events. The result is a combined output: the good old features from Sysmon plus the new features from SysmonX.

Examples of new security events and features added by SysmonX are:
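Because the compatibility claim above is "same input, same output", the practical check a defender will want is whether the events land where Sysmon-aware collectors already look. The following PowerShell is an added example, not SysmonX's own code or CLI; it assumes the sensor writes to the channel Sysmon itself uses (Microsoft-Windows-Sysmon/Operational) with Sysmon's event XML layout, which is what a drop-in replacement implies.

```powershell
# Added example (not part of the SysmonX project): confirm that a Sysmon-compatible
# sensor is reporting to the standard Sysmon event channel and parse the most recent
# process-creation events (Event ID 1) into the fields downstream tooling expects.
#
# Assumptions: the sensor uses Sysmon's channel name and Sysmon's EventData layout;
# run from an elevated PowerShell session on a host where the sensor is installed.

$Channel = 'Microsoft-Windows-Sysmon/Operational'

function Get-SysmonProcessCreate {
    param(
        [string]$LogName = $Channel,
        [int]$MaxEvents = 20
    )

    # Fail early and clearly if the channel is missing: a replacement that logs
    # elsewhere would silently break every collector that subscribes to this channel.
    $log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
    if (-not $log) {
        throw "Event channel '$LogName' not found; the Sysmon-compatible sensor is not reporting here."
    }

    # Event ID 1 is ProcessCreate in the Sysmon schema.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Sysmon stores its fields as <Data Name="...">value</Data> under EventData.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            TimeCreated       = $e.TimeCreated
            Image             = $data['Image']
            CommandLine       = $data['CommandLine']
            ParentImage       = $data['ParentImage']
            ParentCommandLine = $data['ParentCommandLine']
            User              = $data['User']
            Hashes            = $data['Hashes']
        }
    }
}

# Usage: show the 20 most recent process-creation events with the fields a
# Sysmon-aware collector expects to find.
Get-SysmonProcessCreate | Format-Table -AutoSize
```

If the field names come back empty while the events themselves are present, the sensor is writing to the right channel but not in Sysmon's EventData layout, which is the kind of compatibility gap this check is meant to surface before a SIEM pipeline depends on it.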

SysmonX Overview deck available here

SysmonX Overview Talk - Video here

SysmonX Demo: Component Install, Component Uninstall and Regex Detection - Video here