An Ansible role that installs Sysmon with a selected configuration. The included configurations are the SwiftOnSecurity sysmon config and the olafhartong sysmon-modular config. You can also supply your own config.
Supported platforms:
- Windows 10
- Windows Server 2019
- Windows Server 2016
Requirements: None
Ansible variables from defaults/main.yml:

```yaml
sysmon_install_path: "C:\\Program Files\\Sysmon"
sysmon_version: "11.11"
sysmon_config: swiftonsecurity-sysmonconfig.xml
```
Dependencies: None
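Example playbook:

```yaml
- name: Install sysmon to winlogbeat group
  hosts:
    - winlogbeat
  vars:
    # Backslashes must be doubled inside double-quoted YAML strings;
    # a single "\t" would be read as a tab and "\S" is not a valid escape.
    sysmon_install_path: "C:\\tools\\Sysmon"
    sysmon_version: "11.11"
    sysmon_config: olafhartong-sysmonconfig.xml
  roles:
    - ansible-role-sysmon
  post_tasks:
    # Restart the log shipper after the role has run
    - name: Restart Winlogbeat
      win_shell: Restart-Service winlogbeat
```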
License: MIT

Authors:
- j91321
- viktor0x53