Links
This article details the author's development of a Sysmon configuration designed to track Remote Monitoring and Management (RMM) tools using the LOLRMM framework. It outlines the process of testing various installers, sandboxing them, and refining filters to improve detection capabilities. The configuration is a work in progress, with sections already completed and others pending review.
This tool manages Sysmon configurations for Windows endpoints, supporting both agentless and agent-based deployments. It offers a web interface for real-time updates, event log querying, and noise analysis to optimize logging configurations.