https://github.com/g0urmetd/sysmonguard

SysmonGuard is a modular and production-ready PowerShell tool designed for enterprise environments. It automates the installation, configuration, and uninstallation of Sysmon on Windows clients using best practices.
https://github.com/g0urmetd/sysmonguard

automation sysmon sysmon-config windows windows-10 windows-11

Last synced: about 1 month ago
JSON representation

SysmonGuard is a modular and production-ready PowerShell tool designed for enterprise environments. It automates the installation, configuration, and uninstallation of Sysmon on Windows clients using best practices.

• Host: GitHub
• URL: https://github.com/g0urmetd/sysmonguard
• Owner: G0urmetD
• License: gpl-3.0
• Created: 2025-05-14T13:10:54.000Z (about 1 month ago)
• Default Branch: main
• Last Pushed: 2025-05-14T13:19:43.000Z (about 1 month ago)
• Last Synced: 2025-05-14T14:40:20.204Z (about 1 month ago)
• Topics: automation, sysmon, sysmon-config, windows, windows-10, windows-11
• Language: PowerShell
• Homepage:
• Size: 23.4 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# SysmonGuard

```bash

 _______  __   __  _______  __   __  _______  __    _  _______  __   __  _______  ______    ______  

|       ||  | |  ||       ||  |_|  ||       ||  |  | ||       ||  | |  ||   _   ||    _ |  |      | 

|  _____||  |_|  ||  _____||       ||   _   ||   |_| ||    ___||  | |  ||  |_|  ||   | ||  |  _    |

| |_____ |       || |_____ |       ||  | |  ||       ||   | __ |  |_|  ||       ||   |_||_ | | |   |

|_____  ||_     _||_____  ||       ||  |_|  ||  _    ||   ||  ||       ||       ||    __  || |_|   |

 _____| |  |   |   _____| || ||_|| ||       || | |   ||   |_| ||       ||   _   ||   |  | ||       |

|_______|  |___|  |_______||_|   |_||_______||_|  |__||_______||_______||__| |__||___|  |_||______| 

        Install Sysmon Tool

Usage:

  -h / --help           Show help screen.

  -DebugMode            Enable debug mode.

  -Uninstall            Uninstall Sysmon.

  -UpdateConfig         Update Sysmon configuration.

  -Proxy           Proxy for web requests.

  -ConfigFile     Local Sysmon config file path.

  -SysmonZipFile  Local Sysmon.zip path.

  -LogPath        Custom log directory.

  -Language      Script language (default: en).

  -CleanTemp            Clean temp directory after install.

  -version              Show version and exit.

  -silent               Supresses all outputs, especially for SCCM installations.

  -force                Sysmon is already installed, proceeding with reinstallation.

Examples:

  .\SysmonGuard.ps1

  .\SysmonGuard.ps1 -DebugMode

  .\SysmonGuard.ps1 -Uninstall

  .\SysmonGuard.ps1 -UpdateConfig

  .\SysmonGuard.ps1 -ConfigFile .\sysmonconfig.xml

  .\SysmonGuard.ps1 -SysmonZipFile sysmon.zip

  .\SysmonGuard.ps1 -LogPath "C:\Logs"

  .\SysmonGuard.ps1 -CleanTemp

  .\SysmonGuard.ps1 -version

  .\SysmonGuard.ps1 -silent

```

## Usage

Install sysmon with web downloads of sysmon.zip & sysmon-config.xml

```bash

.\SysmonGuard.ps1

```

Install sysmon with local sysmon.zip & sysmon-config.xml

```bash

.\SysmonGuard.ps1 -SysmonZipFile sysmon.zip -ConfigFile .\sysmongconfig.xml

```

Uninstall sysmon

```bash

.\SysmonGuard.ps1 -Uninstall

```