3 min read | Saved February 14, 2026
Do you care about this?
This article details the author's development of a Sysmon configuration designed to track Remote Monitoring and Management (RMM) tools using the LOLRMM framework. It outlines the process of testing various installers, sandboxing them, and refining filters to improve detection capabilities. The configuration is a work in progress, with sections already completed and others pending review.
If you do, here's more
The author has spent over a month developing a Sysmon configuration tailored to the LOLRMM framework, aiming to improve detection of Remote Monitoring and Management (RMM) tools in monitored environments. The configuration is nearly finished: several sections are already complete, including ProcessCreate, ProcessTerminate, and FileCreate. Sections such as NetworkConnect and DNSQuery still require further review of sandbox behavioral reports before they can be finalized, and others, such as DriverLoad and RegistryEvent, need additional filtering based on data from the framework.
The author describes a meticulous process of locating and analyzing RMM installers through tools like VirusTotal Enterprise and Hybrid-Analysis. The installers are sandboxed to observe their behavior, and the relevant indicators (process names, dropped files, network destinations) are extracted into the Sysmon configuration. Where information is not readily available, the author turns to AI to gather insights on specific RMM solutions. Testing the configuration has generated around 350 logged events, giving the security information and event management (SIEM) system broad visibility, which in turn helps identify obfuscated or renamed RMM binaries.
A practical example using the Ammyy Admin installer shows how the resulting logs help identify an RMM tool during installation and execution. The project aims to provide comprehensive RMM logging for the InfoSec community, and the author welcomes suggestions for improving the configuration. While the configuration is close to completion, it remains a "living" document, with further edits expected over the coming month.
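The two paragraphs above describe the pipeline (sandbox an installer, extract indicators, log the matching Sysmon events) and the Ammyy Admin walkthrough without showing what the resulting detection looks like downstream. The following is an added example, not the author's configuration and not code from the article or from LOLRMM: it matches Sysmon events (ProcessCreate, FileCreate, DNSQuery, NetworkConnect) against a small LOLRMM-shaped indicator set, and shows why the renamed-binary case is caught, since Sysmon's ProcessCreate event carries the PE's `OriginalFileName` alongside the on-disk `Image` path. The indicator values for Ammyy Admin and the four sample events are constructed for this example and are assumptions; confirm them against the real LOLRMM entry before using them.

```python
"""Match Sysmon events against a LOLRMM-style indicator set (added example).

Indicator values and sample events below are constructed for illustration and
are NOT a verified copy of LOLRMM data or of the article's configuration.
"""
import xml.etree.ElementTree as ET
from typing import Optional

# Windows event schema namespace used by Sysmon's XML output.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed indicator set, shaped like one LOLRMM tool entry. Keys are
# lower-cased so matching is case-insensitive (Windows paths and PE names).
INDICATORS = {
    "Ammyy Admin": {
        "original_filenames": {"aa_v3.exe", "ammyy_admin.exe"},   # assumption
        "file_paths": {"\\programdata\\ammyy\\"},                 # assumption
        "domains": {"ammyy.com"},                                 # assumption
    },
}


def _event_data(root: ET.Element) -> dict:
    """Flatten <EventData><Data Name="..."> pairs into a plain dict."""
    return {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}


def _domain_match(name: str, domains: set) -> bool:
    """True if name equals an indicator domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def match_event(xml_text: str) -> Optional[dict]:
    """Return a hit describing which tool/field matched, or None."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = _event_data(root)
    for tool, ind in INDICATORS.items():
        if event_id == 1:  # ProcessCreate
            image = data.get("Image", "").rsplit("\\", 1)[-1].lower()
            original = data.get("OriginalFileName", "").lower()
            if original in ind["original_filenames"]:
                # OriginalFileName comes from the PE version resource, so a
                # renamed copy on disk is still attributed to the tool.
                return {"tool": tool, "event_id": 1, "field": "OriginalFileName",
                        "renamed": image not in ind["original_filenames"]}
            if image in ind["original_filenames"]:
                return {"tool": tool, "event_id": 1, "field": "Image", "renamed": False}
        elif event_id == 11:  # FileCreate
            target = data.get("TargetFilename", "").lower()
            if any(p in target for p in ind["file_paths"]):
                return {"tool": tool, "event_id": 11, "field": "TargetFilename"}
        elif event_id == 22:  # DNSQuery
            if _domain_match(data.get("QueryName", ""), ind["domains"]):
                return {"tool": tool, "event_id": 22, "field": "QueryName"}
        elif event_id == 3:  # NetworkConnect
            if _domain_match(data.get("DestinationHostname", ""), ind["domains"]):
                return {"tool": tool, "event_id": 3, "field": "DestinationHostname"}
    return None


def _sysmon_event(event_id: int, **fields: str) -> str:
    """Build a minimal Sysmon-shaped event XML string (constructed test data)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')


# Constructed sample: a renamed Ammyy Admin binary, its settings file drop,
# its DNS lookup, and one benign process for contrast.
SAMPLE_EVENTS = [
    _sysmon_event(1, Image="C:\\Users\\bob\\Downloads\\update.exe",
                  OriginalFileName="AA_v3.exe", CommandLine="update.exe -service"),
    _sysmon_event(11, Image="C:\\Users\\bob\\Downloads\\update.exe",
                  TargetFilename="C:\\ProgramData\\AMMYY\\settings3.bin"),
    _sysmon_event(22, Image="C:\\Users\\bob\\Downloads\\update.exe",
                  QueryName="rl.ammyy.com"),
    _sysmon_event(1, Image="C:\\Windows\\System32\\notepad.exe",
                  OriginalFileName="NOTEPAD.EXE", CommandLine="notepad.exe"),
]


def scan(events) -> list:
    """Run match_event over a batch and keep only the hits."""
    return [hit for hit in (match_event(e) for e in events) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The three hits on the sample batch come from three different Sysmon event types, which is the point of the author's approach: a single renamed executable is weak evidence on its own, but the same process dropping into a known RMM data directory and resolving the vendor's domain gives a SIEM correlation rule something to pivot on. In production the `INDICATORS` table would be generated from the LOLRMM data rather than typed by hand.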