Microsoft is bringing native Sysmon support to Windows 11, Server 2025

Source: BleepingComputer

Author: Lawrence Abrams

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-is-bringing-native-sysmon-support-to-windows-11-server-2025/

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-bringing-native-sysmon-support-to-windows-11-server-2025/

ONE SENTENCE SUMMARY:

Microsoft will integrate Sysmon natively into Windows 11 and Windows Server 2025, simplifying monitoring, deployment, and management.

MAIN POINTS:

1. Sysmon will be native in Windows 11 and Server 2025, eliminating standalone deployment.
2. Integration announced by Sysinternals creator, Mark Russinovich.
3. Sysmon logs events to the Windows Event Log for security applications.
4. Advanced configuration enables monitoring of process tampering, DNS, file creation, and clipboard changes.
5. Previously required individual installation, complicating management in large environments.
6. Native integration allows installation via Windows 11 “Optional features” and updates through Windows Update.
7. Command line activation with sysmon -i or custom config files enhances functionality.
8. Example configuration logs executable creation in specific directories.
9. Key events logged: process creation, network connections, process access, file creation, and tampering.
10. Comprehensive documentation, enterprise features, and AI threat detection planned for next year.

TAKEAWAYS:

1. Native Sysmon simplifies monitoring in Windows environments.
2. Easier deployment and management through Windows Update.
3. Supports custom configurations for detailed event filtering.
4. Enhances threat detection and diagnostics in IT environments.
5. Comprehensive documentation and AI capabilities forthcoming.