Microsoft Integrates Sysmon Directly into Windows for Enhanced Event Monitoring


Microsoft introduces built-in Sysmon capabilities in recent Windows Insider builds (26300.7733 and 26220.7752), simplifying system event monitoring for administrators. This integration allows for capturing and filtering system events, writing them to the Windows event log for use by security tools, and provides granular diagnostic data for security information and event management (SIEM) pipelines. The built-in version, disabled by default, eliminates the need for manual Sysmon deployment and configuration, offering better support compared to the previous separate tool.

Built-in Sysmon arrived in the Dev and Beta Windows Insider channels this week in builds 26300.7733 and 26220.7752, respectively. It allows administrators to capture system events via custom configuration files, filter for specific events, and write them to the standard Windows event log for pickup by third-party applications, including security tools.

Sysmon, part of the Sysinternals toolset, has long been useful for monitoring Windows' internals. Mark Russinovich, Microsoft technical fellow and co-founder of Winternals, from whence Sysinternals sprang, said: "Its granular diagnostic data feeds security information and event management pipelines and enables defenders to spot advanced attacks." But deployment has been painful for administrators managing potentially thousands of endpoints across an enterprise that need to be kept up to date. Russinovich also noted "a lack of official customer support for Sysmon in production environments." Having it built in is therefore welcome, and a respite from Microsoft's relentless AI integrations across its portfolio. Enabling it requires some work with PowerShell, which shouldn't trouble Sysmon-savvy users. Microsoft notes that any existing Sysmon installation must be uninstalled before the built-in version can be enabled.

Rather than euthanizing an ancient deployment toolkit or turning Paint into a Photoshop knockoff, Microsoft is here delivering a tool that actually makes administrators' lives easier - perhaps a sign it's taking user needs more seriously than shareholder demands.


Source: TheRegister
