files : Sysmon64.exe

tasks : main.yml

# main.yml

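# Role tasks: stage Sysmon (binary + configuration) under C:\Sysmon, install the
# driver/service once, then keep the configuration in sync on later runs.
# Both Sysmon64.exe and sysmonconfig.xml must be present in the role's files/.
# Plain and single-quoted YAML scalars do not process backslash escapes, so
# Windows paths need a single backslash only.
- name: Ensure Sysmon directory exists
  win_file:
    path: 'C:\Sysmon'
    state: directory

- name: Copy Sysmon executable
  win_copy:
    src: Sysmon64.exe
    dest: 'C:\Sysmon\Sysmon64.exe'

# The binary shipped in files/ ends up running as a kernel driver and a SYSTEM
# service: refuse to install it unless its Authenticode signature is valid.
- name: Verify Sysmon executable signature
  win_shell: (Get-AuthenticodeSignature -FilePath 'C:\Sysmon\Sysmon64.exe').Status
  register: sysmon_signature
  changed_when: false
  failed_when: "sysmon_signature.stdout | trim != 'Valid'"

# Reference config: <https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml>
# The result is registered so that a changed config is re-applied below.
- name: Copy Sysmon configuration
  win_copy:
    src: sysmonconfig.xml
    dest: 'C:\Sysmon\sysmonconfig.xml'
  register: sysmon_config_copy

# First-time install only: `creates` skips this task once the driver file
# exists, so config changes on later runs are handled by the update task below.
# Registered so the final debug task (and the update guard) can use the result.
- name: Install Sysmon with config
  win_command: >-
    C:\Sysmon\Sysmon64.exe -accepteula -i C:\Sysmon\sysmonconfig.xml
  args:
    creates: 'C:\Windows\SysmonDrv.sys'
  register: sysmon_install_result

# Sysmon does not re-read its config by itself; push the new file with -c when
# it changed and the install step was skipped (Sysmon already present).
- name: Update Sysmon configuration
  win_command: >-
    C:\Sysmon\Sysmon64.exe -c C:\Sysmon\sysmonconfig.xml
  when:
    - sysmon_config_copy is changed
    - sysmon_install_result is skipped

# The service is named after the executable, so Sysmon64.exe registers the
# service as "Sysmon64" (not "Sysmon"); win_service would otherwise fail.
- name: Confirm Sysmon service is running
  win_service:
    name: Sysmon64
    start_mode: auto
    state: started

# `var: sysmon_install_result.stdout` prints "VARIABLE IS NOT DEFINED" on every
# run where the install was skipped; fall back to an explicit message instead.
- name: Show installation result
  debug:
    msg: "{{ sysmon_install_result.stdout | default('Sysmon already installed; install step skipped') }}"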