Posh-Sysmon

0.7.5

Module for the creation and managing of Sysinternal Sysmon configuration XML files.

Minimum PowerShell version

3.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Posh-Sysmon -RequiredVersion 0.7.5

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Carlos Perez carlos_Perez@darkoperator.com

Copyright

(c) 2017 Carlos Perez carlos_Perez@darkoperator.com. All rights reserved.

Owners

Tags

Sysmon Security Logging

Functions

Get-SysmonHashingAlgorithm Get-SysmonRule New-SysmonConfiguration New-SysmonDriverLoadFilter New-SysmonFileCreateFilter New-SysmonImageLoadFilter New-SysmonNetworkConnectFilter New-SysmonProcessCreateFilter New-SysmonProcessTerminateFilter Remove-SysmonRule Remove-SysmonRuleFilter Set-SysmonHashingAlgorithm Set-SysmonRule Get-SysmonEventData Get-SysmonRuleFilter New-SysmonProcessAccessFilter New-SysmonFileCreateStreamHashFilter New-SysmonRegistryFilter New-SysmonPipeFIlter

Dependencies

This module has no dependencies.

Release Notes

Version 0.7.5
* Support for Schema 3.3 of Sysmon v6.
* New function New-SysmonPipeEvent for filtering for named pipeline cration and connection events.
* Support of PipeEvent in config creation and event type functions.
* Several bug fixes on filtering functions when give an array of values.

Version History

Version Downloads Last updated
1.2 1,026 9/21/2018
1.1 215 3/5/2018
1.0 11 3/4/2018
0.7.5 (current version) 392 2/20/2017
0.7.3 113 11/20/2016
0.7.2 80 8/25/2016
0.7.1 21 8/16/2016
0.7 11 8/15/2016
0.6 20 7/29/2016
0.5.1 96 2/25/2016
0.4 55 11/4/2015