Module for creating and managing Sysinternals Sysmon configuration XML files.

Minimum PowerShell version


Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name Posh-Sysmon -RequiredVersion 0.7.5

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name Posh-Sysmon -Version 0.7.5

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.



(c) 2017 Carlos Perez carlos_Perez@darkoperator.com. All rights reserved.

Package Details


  • Carlos Perez carlos_Perez@darkoperator.com


Sysmon Security Logging


Get-SysmonHashingAlgorithm Get-SysmonRule New-SysmonConfiguration New-SysmonDriverLoadFilter New-SysmonFileCreateFilter New-SysmonImageLoadFilter New-SysmonNetworkConnectFilter New-SysmonProcessCreateFilter New-SysmonProcessTerminateFilter Remove-SysmonRule Remove-SysmonRuleFilter Set-SysmonHashingAlgorithm Set-SysmonRule Get-SysmonEventData Get-SysmonRuleFilter New-SysmonProcessAccessFilter New-SysmonFileCreateStreamHashFilter New-SysmonRegistryFilter New-SysmonPipeFIlter


This module has no dependencies.

Release Notes

Version 0.7.5
* Support for Schema 3.3 of Sysmon v6.
* New function New-SysmonPipeEvent for filtering for named pipeline creation and connection events.
* Support of PipeEvent in config creation and event type functions.
* Several bug fixes on filtering functions when given an array of values.


Version History

Version                    Downloads   Last updated
1.2                        1,935       9/21/2018
1.1                        225         3/5/2018
1.0                        21          3/4/2018
0.7.5 (current version)    400         2/20/2017
0.7.3                      121         11/20/2016
0.7.2                      88          8/25/2016
0.7.1                      29          8/16/2016
0.7                        19          8/15/2016
0.6                        29          7/29/2016
0.5.1                      104         2/25/2016
0.4                        65          11/4/2015