sysmon

ansible-role-sysmon

An Ansible role that installs Sysmon with selected configuration. Included configurations are SwiftOnSecurity sysmon config or olafhartong sysmon-modular config. You can also supply your own config.

Currently there are no configurations included for Linux. You must supply your own if you wish to use this role on Linux hosts.

Supported platforms:

Windows 10
Windows Server 2019
Windows Server 2016
Debian 10
Debian 11
Ubuntu 18.04
Ubuntu 20.04
RHEL/CentOS 8

Requirements

None

Role Variables

Ansible variables from defaults/main.yml

sysmon_install_path: "C:\\Program Files\\Sysmon"
sysmon_version: "11.11"
sysmon_config: swiftonsecurity-sysmonconfig.xml
sysmon_linux_config: linux_sysmonconfig.xml

Dependencies

None

Example Playbook Windows

- name: Install Sysmon
  hosts:
    - windows_host
    - linux_host
  vars:
    sysmon_install_path: "C:\tools\Sysmon"
    sysmon_version: "13.30"
    sysmon_config: olafhartong-sysmonconfig.xml
    sysmon_linux_config: linux-sysmonconfig.xml
  roles:
    - ansible-role-sysmon

License

MIT

Author Information

j91321
viktor0x53

About

Install Sysmon on Windows and Linux. Rulesets included.

role logging monitoring security sysmon windows

Install

ansible-galaxy install j91321/ansible-role-sysmon

GitHub repository

24 stars

3 forks

0 open issues

License

mit

Downloads

481

Owner

Ján Trenčanský