Sysmon Tools for PowerShell
mattifestation Merge pull request #5 from olafhartong/master
Added Sysmon 8 schemaversion 4.1 support. Thanks so much, @olafhartong!!!
Latest commit 4d2549b Aug 17, 2018
PSSysmonTools fixed schema 4.1 Aug 17, 2018
LICENSE Bump version number Jan 6, 2018
SysmonRegFormat.pdf Add files via upload Jan 2, 2018



Implemented functions

Get-SysmonConfiguration
Parses a Sysmon driver configuration from the registry. Output is nearly identical to that of "sysmon.exe -c" but without the requirement to run sysmon.exe.

ConvertFrom-SysmonBinaryConfiguration
Parses a binary Sysmon configuration. ConvertFrom-SysmonBinaryConfiguration is designed to serve as a helper function for Get-SysmonConfiguration.

Validates a Sysmon configuration.

Recovers a Sysmon XML configuration from a binary configuration.

Merges one or more Sysmon XML configurations.

Please refer to the built-in help for each function (Get-Help) for more information.


These PowerShell functions need to be manually validated against each new Sysmon release and configuration schema version. Please report all bugs and discrepancies seen with new versions by supplying the following information:

  1. The Sysmon config XML that's generating the error (only schema versions 3.40 and later).
  2. The version of Sysmon being used (only 6.20 and later).

Also, please file feature requests in the form of GitHub issues! Thank you!
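The following script is an added example written for this page; it is not part of PSSysmonTools and does not call the module's functions. It collects the two items requested above (the config's schemaversion and the installed Sysmon version), checks them against the supported minimums, and hashes the binary configuration that Sysmon stores in the registry, which is the same data Get-SysmonConfiguration parses, so a report can identify exactly which deployed blob produced the error. It assumes the driver service keeps its default name SysmonDrv (and therefore the key HKLM\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters with the REG_BINARY value Rules), that sysmon.exe or sysmon64.exe is on PATH, and uses a placeholder config path; none of those come from the README.

```powershell
# Added example; this script is not part of PSSysmonTools.
# Collects the bug-report details the README asks for and hashes the deployed
# binary rule blob. Assumptions (not from the page): default driver name
# SysmonDrv, sysmon.exe/sysmon64.exe on PATH, placeholder config path.
# Run from an elevated prompt; the driver's Parameters key is ACL-restricted.
[CmdletBinding()]
param(
    [string]$ConfigXmlPath = 'C:\Sysmon\sysmonconfig.xml',   # hypothetical path
    [string]$DriverName    = 'SysmonDrv'                      # default driver name
)

$minSchema = [version]'3.40'   # oldest schema the module supports (per README)
$minSysmon = [version]'6.20'   # oldest Sysmon the module supports (per README)

# 1. Schema version declared by the XML config, e.g. <Sysmon schemaversion="4.1">.
[xml]$configXml = Get-Content -Path $ConfigXmlPath -Raw
$schemaVersion  = [version]$configXml.Sysmon.schemaversion
if ($schemaVersion -lt $minSchema) {
    Write-Warning "Schema version $schemaVersion is older than $minSchema and is not supported."
}

# 2. Version of the installed Sysmon binary, read from its file version resource.
$sysmonCmd = Get-Command -Name sysmon.exe, sysmon64.exe -CommandType Application -ErrorAction SilentlyContinue |
             Select-Object -First 1
$sysmonVersion = $null
if ($sysmonCmd) {
    $sysmonVersion = [version]$sysmonCmd.Version
    if ($sysmonVersion -lt $minSysmon) {
        Write-Warning "Sysmon $sysmonVersion is older than $minSysmon and is not supported."
    }
} else {
    Write-Warning 'sysmon.exe/sysmon64.exe not found on PATH; record the version manually.'
}

# 3. The deployed configuration is the REG_BINARY value 'Rules' under the driver's
#    Parameters key. Hash it so the report pins the exact blob, independent of
#    whatever XML happens to be on disk.
$parametersKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$DriverName\Parameters"
$parameters    = Get-ItemProperty -Path $parametersKey -ErrorAction Stop
[byte[]]$rules = $parameters.Rules
$stream        = New-Object System.IO.MemoryStream (,$rules)
$rulesHash     = (Get-FileHash -InputStream $stream -Algorithm SHA256).Hash
$stream.Dispose()

# Emit one object; pipe to Format-List or Export-Clixml to attach to an issue.
[pscustomobject]@{
    SysmonVersion   = $sysmonVersion
    SchemaVersion   = $schemaVersion
    ConfigXmlPath   = $ConfigXmlPath
    RulesBlobBytes  = $rules.Length
    RulesBlobSHA256 = $rulesHash
}
```

Run it as `.\Get-SysmonReportInfo.ps1 -ConfigXmlPath .\sysmonconfig.xml` (the script name is arbitrary). If the driver was installed under a custom name, pass it with -DriverName; the Parameters key moves with the service name. The hash of the Rules blob is what to compare when the XML on disk and the output of "sysmon.exe -c" disagree.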
