{"id":28185029,"url":"https://github.com/g0urmetd/sysmonguard","last_synced_at":"2026-04-25T12:33:54.697Z","repository":{"id":293269555,"uuid":"983491744","full_name":"G0urmetD/SysmonGuard","owner":"G0urmetD","description":"SysmonGuard is a modular and production-ready PowerShell tool designed for enterprise environments. It automates the installation, configuration, and uninstallation of Sysmon on Windows clients using best practices.","archived":false,"fork":false,"pushed_at":"2025-05-14T13:19:43.000Z","size":24,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-14T14:40:20.204Z","etag":null,"topics":["automation","sysmon","sysmon-config","windows","windows-10","windows-11"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/G0urmetD.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-14T13:10:54.000Z","updated_at":"2025-05-14T13:19:50.000Z","dependencies_parsed_at":"2025-05-14T14:40:27.417Z","dependency_job_id":"a8311522-55c3-432e-8dbf-cb84c89701b2","html_url":"https://github.com/G0urmetD/SysmonGuard","commit_stats":null,"previous_names":["g0urmetd/sysmonguard"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/G0urmetD%2FSysmonGuard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/G0urmetD%2FSysmonGuard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/G0urmetD%2FSysmonGuard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/G0urmetD%2FSysmonGuard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/G0urmetD","download_url":"https://codeload.github.com/G0urmetD/SysmonGuard/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254478189,"owners_count":22077677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","sysmon","sysmon-config","windows","windows-10","windows-11"],"created_at":"2025-05-16T06:11:04.928Z","updated_at":"2026-04-25T12:33:54.689Z","avatar_url":"https://github.com/G0urmetD.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SysmonGuard\n\n[![Version](https://img.shields.io/badge/version-2.1-blue.svg)](CHANGELOG.md)\n[![PowerShell](https://img.shields.io/badge/PowerShell-5.1+-blue.svg)](https://docs.microsoft.com/en-us/powershell/)\n[![License](https://img.shields.io/badge/license-GPL--3.0-green.svg)](LICENSE)\n\nA PowerShell script for easy installation, uninstallation, and configuration management of [Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon) on Windows 10/11 clients.\n\n```\n _______  __   __  _______  __   __  _______  __    _  _______  __   __  _______  ______    ______  \n|       ||  | |  ||       ||  |_|  ||       ||  |  | ||       ||  | |  ||   _   ||    _ |  |      | \n|  _____||  |_|  ||  _____||       ||   _   ||   |_| ||    ___||  | |  ||  |_|  ||   | ||  |  _    |\n| |_____ | 
      || |_____ |       ||  | |  ||       ||   | __ |  |_|  ||       ||   |_||_ | | |   |\n|_____  ||_     _||_____  ||       ||  |_|  ||  _    ||   ||  ||       ||       ||    __  || |_|   |\n _____| |  |   |   _____| || ||_|| ||       || | |   ||   |_| ||       ||   _   ||   |  | ||       |\n|_______|  |___|  |_______||_|   |_||_______||_|  |__||_______||_______||__| |__||___|  |_||______| \n```\n\n## Requirements\n\n- **Windows 10/11** (32-bit or 64-bit)\n- **PowerShell 5.1** or higher\n- **Administrator privileges** (required for Sysmon installation)\n- **Internet connection** (for downloading Sysmon and config, unless using local files)\n\n## Features\n\n- ✅ Automatic 32-bit/64-bit detection\n- ✅ Multi-language support (English, German)\n- ✅ Silent mode for SCCM/Intune deployments\n- ✅ Custom configuration URL support\n- ✅ Proxy support for corporate environments\n- ✅ Log rotation (10MB max, 5 backups)\n- ✅ Secure TLS 1.2 downloads\n- ✅ Status checking with version info\n\n## Parameters\n\n| Parameter | Description |\n|-----------|-------------|\n| `-h / -Help` | Show help screen |\n| `-DebugMode` | Enable debug mode |\n| `-Uninstall` | Uninstall Sysmon |\n| `-UpdateConfig` | Update Sysmon configuration |\n| `-CheckStatus` | Check Sysmon installation status |\n| `-Proxy \u003cURL\u003e` | Proxy for web requests |\n| `-ConfigFile \u003cPath\u003e` | Local Sysmon config file path |\n| `-ConfigUrl \u003cURL\u003e` | Custom Sysmon config URL |\n| `-SysmonZipFile \u003cPath\u003e` | Local Sysmon.zip path |\n| `-LogPath \u003cPath\u003e` | Custom log directory |\n| `-Language \u003cen\\|de\u003e` | Script language (default: en) |\n| `-CleanTemp` | Clean temp directory after install |\n| `-version` | Show version and exit |\n| `-silent` | Suppress all outputs (for SCCM) |\n| `-force` | Force reinstallation if already installed |\n\n## Exit Codes\n\n| Code | Name | Description |\n|------|------|-------------|\n| 0 | Success | Operation completed successfully |\n| 1 | 
GeneralError | An unexpected error occurred |\n| 2 | AlreadyInstalled | Sysmon is already installed (use -force to reinstall) |\n| 3 | DownloadFailed | Failed to download required files |\n| 4 | ConfigUpdateFailed | Configuration update failed |\n| 5 | NotInstalled | Sysmon is not installed |\n| 6 | ExtractionFailed | Failed to extract Sysmon archive |\n| 7 | InstallationFailed | Sysmon installation failed |\n\n## Usage Examples\n\n### Install Sysmon (downloads from web)\n```powershell\n.\\SysmonGuard.ps1\n```\n\n### Install with local files\n```powershell\n.\\SysmonGuard.ps1 -SysmonZipFile .\\sysmon.zip -ConfigFile .\\sysmonconfig.xml\n```\n\n### Install with custom config URL\n```powershell\n.\\SysmonGuard.ps1 -ConfigUrl \"https://mycompany.com/sysmon-config.xml\"\n```\n\n### Check Sysmon status\n```powershell\n.\\SysmonGuard.ps1 -CheckStatus\n```\n\n### Update configuration\n```powershell\n.\\SysmonGuard.ps1 -UpdateConfig\n.\\SysmonGuard.ps1 -UpdateConfig -ConfigFile .\\new-config.xml\n.\\SysmonGuard.ps1 -UpdateConfig -ConfigUrl \"https://mycompany.com/config.xml\"\n```\n\n### Uninstall Sysmon\n```powershell\n.\\SysmonGuard.ps1 -Uninstall\n```\n\n### Silent installation (SCCM/Intune)\n```powershell\n.\\SysmonGuard.ps1 -silent\n```\n\n### Force reinstallation\n```powershell\n.\\SysmonGuard.ps1 -force\n```\n\n### With proxy\n```powershell\n.\\SysmonGuard.ps1 -Proxy \"http://proxy.company.com:8080\"\n```\n\n## Configuration\n\nBy default, SysmonGuard uses the [SwiftOnSecurity Sysmon config](https://github.com/SwiftOnSecurity/sysmon-config). 
You can specify a custom configuration using:\n\n- `-ConfigFile` for local XML files\n- `-ConfigUrl` for remote XML files\n\nReview and pin whichever configuration you deploy. The default is fetched from a third-party repository at install time; TLS protects the download in transit but says nothing about the content of the file, and an upstream edit silently changes what your endpoints log. For fleet rollouts, prefer `-ConfigFile` with a reviewed copy (or `-ConfigUrl` pointing at a server you control) so the deployed config is the one your detection rules were written against.\n\n## Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md) for version history and release notes.\n\n## License\n\nThis project is licensed under the GNU General Public License v3.0 - see the [LICENSE](LICENSE) file for details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg0urmetd%2Fsysmonguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fg0urmetd%2Fsysmonguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg0urmetd%2Fsysmonguard/lists"}
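The README above describes a tool that downloads Sysmon and a configuration, installs or updates it, and reports status and exit codes. What it does not show is the integrity check a practitioner wants around that procedure: verifying that the Sysmon binary is Authenticode-signed by Microsoft, pinning the configuration by SHA-256 so an upstream change cannot silently alter what endpoints log, and confirming after the install that the service and driver are running and that the driver loaded the expected config. The following PowerShell is an added example, not SysmonGuard's own code. It assumes Sysmon.zip has already been extracted to `C:\Temp\Sysmon`, that a reviewed config sits beside it, and that `$ExpectedConfigSha256` is replaced with the hash you recorded when you approved that config; all three are placeholders for this example. It uses only the documented Sysmon switches (`-i` install, `-c` update config) and Sysmon's own event ID 16 (config state changed).

```powershell
#Requires -RunAsAdministrator
<#
  Added example (not part of SysmonGuard): verify Sysmon binary and config
  before install, then confirm the result from service state and the Sysmon log.
  All paths and the pinned hash below are assumptions for this example.
#>
param(
    [string]$SysmonExe  = 'C:\Temp\Sysmon\Sysmon64.exe',       # assumed: extracted from Sysmon.zip
    [string]$ConfigFile = 'C:\Temp\Sysmon\sysmonconfig.xml',   # assumed: reviewed copy of your config
    [string]$ExpectedConfigSha256 = 'REPLACE-WITH-PINNED-SHA256' # assumed: recorded at config approval
)

$ErrorActionPreference = 'Stop'

function Test-SysmonBinary {
    param([string]$Path)
    # Sysinternals binaries carry a Microsoft Authenticode signature; refuse anything else.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for ${Path}: $($sig.Status)"
    }
    if ($sig.SignerCertificate.Subject -notmatch 'CN=Microsoft Corporation') {
        throw "Unexpected signer for ${Path}: $($sig.SignerCertificate.Subject)"
    }
    return $true
}

function Test-SysmonConfig {
    param([string]$Path, [string]$Expected)
    # Pin the config by hash: TLS protects the download, not the content of the file.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $Expected.ToUpperInvariant()) {
        throw "Config hash mismatch: expected $Expected, got $actual"
    }
    # Reject anything that is not well-formed XML with a <Sysmon> root before the driver sees it.
    [xml]$doc = Get-Content -Path $Path -Raw
    if ($doc.DocumentElement.Name -ne 'Sysmon') {
        throw "Not a Sysmon config: root element is $($doc.DocumentElement.Name)"
    }
    return $true
}

function Install-OrUpdateSysmon {
    param([string]$Exe, [string]$Config)
    # Service is named Sysmon64 on 64-bit and Sysmon on 32-bit installs.
    $svc = Get-Service -Name 'Sysmon64', 'Sysmon' -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($svc) {
        # Already installed: push only the new configuration, do not reinstall the driver.
        & $Exe -accepteula -c $Config | Out-Null
    } else {
        & $Exe -accepteula -i $Config | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { throw "Sysmon returned exit code $LASTEXITCODE" }
}

function Get-SysmonHealth {
    # Post-install check: user-mode service, kernel driver, and the most recent
    # event ID 16 (config state changed), whose message carries the loaded config hash.
    $svc = Get-Service -Name 'Sysmon64', 'Sysmon' -ErrorAction SilentlyContinue | Select-Object -First 1
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='SysmonDrv'"
    $cfgEvent = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 16 } `
                             -MaxEvents 1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service        = if ($svc) { "$($svc.Name)=$($svc.Status)" } else { 'missing' }
        Driver         = if ($drv) { "SysmonDrv=$($drv.State)" } else { 'missing' }
        LastConfigLoad = if ($cfgEvent) { $cfgEvent.Message } else { 'no event 16 found' }
    }
}

Test-SysmonBinary -Path $SysmonExe
Test-SysmonConfig -Path $ConfigFile -Expected $ExpectedConfigSha256
Install-OrUpdateSysmon -Exe $SysmonExe -Config $ConfigFile
Get-SysmonHealth | Format-List
```

Run it from an elevated PowerShell 5.1 session. The two `Test-*` functions throw before anything touches the driver, so a tampered archive or an unreviewed config fails closed; `Get-SysmonHealth` gives you the evidence a fleet dashboard actually needs (service, driver, and the hash of the config the driver is running), which is more than a process check on `Sysmon64.exe` tells you.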