Posh-Sysmon

0.7.3

Module for the creation and managing of Sysinternal Sysmon configuration XML files.

Minimum PowerShell version

3.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Posh-Sysmon -RequiredVersion 0.7.3

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name Posh-Sysmon -Version 0.7.3

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

cperez

Copyright

Package Details

Author(s)

Carlos Perez carlos_Perez@darkoperator.com

Functions

Get-SysmonHashingAlgorithm Get-SysmonRule New-SysmonConfiguration New-SysmonDriverLoadFilter New-SysmonFileCreateFilter New-SysmonImageLoadFilter New-SysmonNetworkConnectFilter New-SysmonProcessCreateFilter New-SysmonProcessTerminateFilter Remove-SysmonRule Remove-SysmonRuleFilter Set-SysmonHashingAlgorithm Set-SysmonRule Get-SysmonEventData Get-SysmonRuleFilter New-SysmonProcessAccess New-SysmonFileCreateStreamHash New-SysmonRegistryEvent

Dependencies

This module has no dependencies.

Release Notes

Version 0.7.3
* Several bug fixes when creating RawAccess and ProcessOpen rules.
* By default the new schema is 3.2 for the latest version of Sysmon 5.0
* New-SysmonConfiguration function has options to enable all logging for FileCreate, RegistryEvent and FileCreateStreamHash
* Get-SysmonEventData can now parse File Create, Registry and File Stream creation events.
* New function New-SysmonFileCreateFilter for creating file creation filters.
* New function New-SysmonRegistryEvent for creating registry event filters.
* New function New-SysmonFileCreateStreamHash for creating file stream hash event filters.
* Updated Get-SysmonRule, Set-SysmonRule, Remove-SysmonRule and Remove-SysmonRuleFilter for the new event type rules.
* Added Online Help option for all functions.

FileList

Posh-Sysmon.nuspec
Config.ps1
Filters.ps1
LICENSE
Posh-Sysmon.psd1
Posh-SysMon.psm1
README.md
docs\Get-SysmonEventData.md
docs\Get-SysmonHashingAlgorithm.md
docs\Get-SysmonRule.md
docs\Get-SysmonRuleFilter.md
docs\New-SysmonConfiguration.md
docs\New-SysmonDriverLoadFilter.md
docs\New-SysmonFileCreateFilter.md
docs\New-SysmonFileCreateStreamHash.md
docs\New-SysmonImageLoadFilter.md
docs\New-SysmonNetworkConnectFilter.md
docs\New-SysmonProcessCreateFilter.md
docs\New-SysmonProcessTerminateFilter.md
docs\New-SysmonRegistryEvent.md
docs\Remove-SysmonRule.md
docs\Remove-SysmonRuleFilter.md
docs\Set-SysmonHashingAlgorithm.md
docs\Set-SysmonRule.md
en-US\Posh-SysMon-help.xml
en-US\Posh-SysMon.psm1-Help.xml
Format\Sysmon.ConfigOption.ps1xml
Format\Sysmon.Rule.Filter.ps1xml
Format\Sysmon.Rule.ps1xml

Version History

Version	Downloads	Last updated
1.2	1,913	9/21/2018
1.1	225	3/5/2018
1.0	21	3/4/2018
0.7.5	400	2/20/2017
0.7.3 (current version)	121	11/20/2016
0.7.2	88	8/25/2016
0.7.1	29	8/16/2016
0.7	19	8/15/2016
0.6	29	7/29/2016
0.5.1	104	2/25/2016
0.4	65	11/4/2015