Deploy Sysmon Logging Using Group Policy (GPO)
Download
Sysmon from Windows Sysinternals
Sysmon config XML file (credits to @SwiftOnSecurity)
Configure
Edit sysmon.bat and modify as required
SET DC=dc.internal.local
SET FQDN=internal.local
SET SYSMONCONFIG=%SYSMONDIR%\sysmonconfig-export.xml
SET GLBSYSMONCONFIG=\\%DC%\sysvol\%FQDN%\sysmon\sysmonconfig-export.xml
Create a sysmon folder in SYSVOL and copy the files into it
C:\>dir /b \\dc.internal.local\sysvol\internal.local\sysmon
sysmon.bat
Sysmon.exe
Sysmon64.exe
sysmonconfig-export.xml
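A pre-deployment check of that folder, as an added example (not part of the original project): it confirms the four files from the listing are present, that the Sysmon binaries carry a valid Authenticode signature, and that the config parses as XML with a `<Sysmon>` root. The script and its `$Dc`, `$Fqdn` and `$Share` parameters are assumptions for illustration; the defaults mirror the DC and FQDN values shown above.

```powershell
# Added example: verify the SYSVOL sysmon folder before linking the GPO.
# Parameter names are hypothetical; defaults mirror DC and FQDN from sysmon.bat.
param(
    [string]$Dc    = 'dc.internal.local',
    [string]$Fqdn  = 'internal.local',
    [string]$Share = "\\$Dc\sysvol\$Fqdn\sysmon"
)

$expected = 'sysmon.bat', 'Sysmon.exe', 'Sysmon64.exe', 'sysmonconfig-export.xml'
$problems = @()

# 1. Every file from the directory listing must be present.
foreach ($name in $expected) {
    if (-not (Test-Path -LiteralPath (Join-Path $Share $name) -PathType Leaf)) {
        $problems += "missing: $name"
    }
}

# 2. The Sysmon binaries must carry a valid Authenticode signature.
foreach ($exe in 'Sysmon.exe', 'Sysmon64.exe') {
    $path = Join-Path $Share $exe
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            $problems += "signature on ${exe}: $($sig.Status)"
        }
    }
}

# 3. The config must be well-formed XML with a <Sysmon> root element.
$cfg = Join-Path $Share 'sysmonconfig-export.xml'
if (Test-Path -LiteralPath $cfg) {
    try {
        $xml = [xml](Get-Content -LiteralPath $cfg -Raw)
        if ($xml.DocumentElement.Name -ne 'Sysmon') {
            $problems += "config root is <$($xml.DocumentElement.Name)>, expected <Sysmon>"
        }
    } catch {
        $problems += "config is not well-formed XML: $($_.Exception.Message)"
    }
}

# Report every finding and fail if anything is wrong.
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "OK: $Share is ready for deployment"
```

Pass `-Share` with a local folder path to run the same checks on a staging copy before it goes into SYSVOL.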