Posh-Sysmon

1.2

Module for the creation and management of Sysinternals Sysmon configuration XML files.

Minimum PowerShell version

3.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name Posh-Sysmon

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked and won't include any dependencies.

Author(s)

Carlos Perez carlos_Perez@darkoperator.com

Copyright

(c) 2018 Carlos Perez carlos_Perez@darkoperator.com. All rights reserved.

  • Posh-Sysmon.nuspec
  • build.ps1
  • Config.ps1
  • Filters.ps1
  • LICENSE
  • Posh-Sysmon.psd1
  • Posh-SysMon.psm1
  • README.md
  • .git\COMMIT_EDITMSG
  • .git\config
  • .git\FETCH_HEAD
  • .git\HEAD
  • .git\index
  • .git\ORIG_HEAD
  • .git\packed-refs
  • .git\sourcetreeconfig
  • .git\sourcetreeconfig.json
  • .git\logs\HEAD
  • .git\logs\refs\heads\master
  • .git\logs\refs\heads\v0_7_6
  • .git\logs\refs\remotes\origin\HEAD
  • .git\logs\refs\remotes\origin\master
  • .git\logs\refs\remotes\origin\v0_7_6
  • .git\refs\heads\master
  • .git\refs\heads\v0_7_6
  • .git\refs\remotes\origin\HEAD
  • .git\refs\remotes\origin\master
  • .git\refs\remotes\origin\v0_7_6
  • .git\refs\tags\1.2
  • docs\Get-SysmonEventData.md
  • docs\Get-SysmonHashingAlgorithm.md
  • docs\Get-SysmonRule.md
  • docs\Get-SysmonRuleFilter.md
  • docs\New-SysmonConfiguration.md
  • docs\New-SysmonDriverLoadFilter.md
  • docs\New-SysmonFileCreateFilter.md
  • docs\New-SysmonFileCreateStreamHash.md
  • docs\New-SysmonFileCreateStreamHashFilter.md
  • docs\New-SysmonImageLoadFilter.md
  • docs\New-SysmonNetworkConnectFilter.md
  • docs\New-SysmonPipeEvent.md
  • docs\New-SysmonPipeFilter.md
  • docs\New-SysmonProcessAccessFilter.md
  • docs\New-SysmonProcessCreateFilter.md
  • docs\New-SysmonProcessTerminateFilter.md
  • docs\New-SysmonRegistryEvent.md
  • docs\New-SysmonRegistryFilter.md
  • docs\Remove-SysmonRule.md
  • docs\Remove-SysmonRuleFilter.md
  • docs\Set-SysmonHashingAlgorithm.md
  • docs\Set-SysmonRule.md
  • en-US\Posh-SysMon-help.xml
  • en-US\Posh-SysMon.psm1-Help.xml
  • Format\Sysmon.ConfigOption.ps1xml
  • Format\Sysmon.Rule.Filter.ps1xml
  • Format\Sysmon.Rule.ps1xml
  • Functions\ConvertFrom-SysmonBinaryConfiguration.ps1
  • Functions\ConvertTo-SysmonXMLConfiguration.ps1
  • Functions\Get-SysmonConfiguration.ps1
  • Functions\Get-SysmonEventData.ps1
  • Functions\Get-SysmonHashingAlgorithm.ps1
  • Functions\Get-SysmonRule.ps1
  • Functions\Get-SysmonRuleFilter.ps1
  • Functions\New-SysmonConfiguration.ps1
  • Functions\New-SysmonCreateRemoteThreadFilter.ps1
  • Functions\New-SysmonDriverLoadFilter.ps1
  • Functions\New-SysmonFileCreateFilter.ps1
  • Functions\New-SysmonFileCreateStreamHashFilter.ps1
  • Functions\New-SysmonImageLoadFilter.ps1
  • Functions\New-SysmonNetworkConnectFilter.ps1
  • Functions\New-SysmonPipeFilter.ps1
  • Functions\New-SysmonProcessAccessFilter.ps1
  • Functions\New-SysmonProcessCreateFilter.ps1
  • Functions\New-SysmonProcessTerminateFilter.ps1
  • Functions\New-SysmonRawAccessReadFilter.ps1
  • Functions\New-SysmonRegistryFilter.ps1
  • Functions\New-SysmonWmiFilter.ps1
  • Functions\Remove-SysmonRule.ps1
  • Functions\Remove-SysmonRuleFilter.ps1
  • Functions\Set-SysmonHashingAlgorithm.ps1
  • Functions\Set-SysmonRule.ps1
  • Functions\Schemas\SysmonConfigurationSchema_3_40.xsd
  • Functions\Schemas\SysmonConfigurationSchema_4_00.xsd
  • lib\sysmon3_1.dtd
  • lib\sysmon3_2.dtd
  • lib\sysmon3_3.dtd

Version History

Version                Downloads  Last updated
1.2 (current version)  181        9/21/2018
1.1                    208        3/5/2018
1.0                    7          3/4/2018
0.7.5                  386        2/20/2017
0.7.3                  108        11/20/2016
0.7.2                  77         8/25/2016
0.7.1                  18         8/16/2016
0.7                    7          8/15/2016
0.6                    17         7/29/2016
0.5.1                  93         2/25/2016
0.4                    52         11/4/2015