Links
This article details the author's development of a Sysmon configuration designed to track Remote Monitoring and Management (RMM) tools using the LOLRMM framework. It outlines the process of testing various installers, sandboxing them, and refining filters to improve detection capabilities. The configuration is a work in progress: some sections are complete and others are pending review.
Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025 next year, eliminating the need for standalone installations. This built-in functionality will allow users to monitor and log various system events, making management easier in large IT environments.