Sysmon Solution

Purpose

This solution provides full lifecycle management for Sysmon, including installation, uninstallation, and control of all related Sysmon services.

Associated Content

Content	Type	Function
Enable Sysmon Installation	Custom Field	Custom field to handle installation Sysmon on windows machines.
Sysmon ConfigFile DownloadURL	Custom Field	Specify the file path of the Sysmon configuration file that will be used for applying the Sysmon settings
Exclude Sysmon Installation	Custom Field	Custom field to exclude site/endpoint from deploying the Sysmon installation.
Sysmon Deployment	Group	Contains the machines which are opted for sysmon deployment.
Machines with Sysmon	Group	Includes machines with Sysmon installed on them.
Sysmon - Install	Task	Installs Sysmon application on windows machines.
Sysmon - Uninstall	Task	Uninstalls Sysmon application on windows machines.
Sysmon64 Service	Monitors	Monitors Sysmon64 Service on 64-bit Windows machines.
Sysmon Service	Monitors	Monitors Sysmon Service on 32-bit Windows machines.

Implementation

• Create the following custom fields using the implementation instruction provided in the document.
  • Custom Field - Enable Sysmon Installation
  • Custom Field - Sysmon ConfigFile DownloadURL
  • Custom Field - Exclude Sysmon Installation
• Create the following Groups using the implementation instruction provided in the document.
  • Group - Sysmon Deployment
  • Group - Machines with Sysmon
• Create the following Tasks using the implementation instruction provided in the document.
  • Task - Sysmon - Install
  • Task - Sysmon - Uninstall
• Create the following monitors using the implementation instruction provided in the document.
  • Monitor - Sysmon64 Service
  • Monitor - Sysmon Service

Changelog

2026-03-26

• Initial version of the document