The full story of sysmon-config, the first (to my awareness) open source HIDS monitoring solution I've neglected but others have picked up the mantle, is sonething I would like to tell.
It was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.
It turns out the sensitive modifications that screw things up kind of include the malware. ones.
SwiftOnSecurity
npub1tx…rx0yc
2026-03-27 21:47:47 UTC
in reply to nevent1q…cj8g
Author Public Key
npub1tx8qa9j24vyteazcgpcmkr4tckyw6wd63yusvew9em02swnfkf3qdrx0ycSeen on
wss://relay.momostr.pinkPublished at
2026-03-27 21:47:47 UTCEvent JSON
{
"id": "1d795fdae35dac2e5903e574a181e5721587413e2befe9f1269b0bdd70d6ece8",
"pubkey": "598e0e964aab08bcf4584071bb0eabc588ed39ba89390665c5cedea83a69b262",
"created_at": 1774648067,
"kind": 1,
"tags": [
[
"e",
"4e8e36cbb7f5d5a55f6bf2610daa9f3b57cd6f533af4444c14a374f5d890dc5e",
"",
"root",
"598e0e964aab08bcf4584071bb0eabc588ed39ba89390665c5cedea83a69b262"
],
[
"p",
"598e0e964aab08bcf4584071bb0eabc588ed39ba89390665c5cedea83a69b262"
],
[
"proxy",
"https://infosec.exchange/@SwiftOnSecurity/116303335738967041",
"web"
],
[
"proxy",
"https://infosec.exchange/users/SwiftOnSecurity/statuses/116303335738967041",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/SwiftOnSecurity/statuses/116303335738967041",
"pink.momostr"
],
[
"-"
]
],
"content": "The full story of sysmon-config, the first (to my awareness) open source HIDS monitoring solution I've neglected but others have picked up the mantle, is sonething I would like to tell.\n\nIt was in fact not generated for a security job, strictly. I needed to understand the sensitive modifications being made to our Windows systems as Helpdesk. And I did not want to filter Procmon again.\n\nIt turns out the sensitive modifications that screw things up kind of include the malware. ones.",
"sig": "b06c54144f5adf7ad8eba58b42256df98aa10af896489c45fe9872033231831f26eeeada9333afe22446dd7c3e14ba19554a5cae6e776c9f3f6401cf9bb404e9"
}