How do I Install Sysmon on Windows Endpoints?

windows install sysmon upgrade splunk event-logging

Sysmon is a tool by Sysinternals, acquired by Microsoft. To download the latest version, visit: https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

How to install Sysmon on Windows Endpoints

Download the two files from the sysmon directory here: https://uofi.box.com/v/splunk
Drop them plus sysmon into a local directory on the Windows machine in question, then run the BAT file. This will install sysmon and configure it to start generating the proper logs.

How to update Sysmon

Drop new Sysmon into same directory, then re-run the same BAT file. It will automatically uninstall the old version and install/configure the new one.

Sign in to leave feedback

0 reviews

Details

Article ID: 2818

Created

Thu 2/1/24 1:54 PM

Modified

Thu 4/18/24 9:31 AM