
templating for easier maintenance

Open brettowe opened this issue 4 years ago • 2 comments

I've been using this sysmon config for only a couple of months but I like how it brightens areas I was blind to previously. I find myself wanting to just add a few things to test how it works or something local to my site. Having a monolithic file makes that hard unless you're really used to everything in the file. My suggestion is to create a python script (for example) that uses a standard templating engine and break this file up so the base template is just the main section headers and comments at the top of the file. Then each section would be a directory by itself, in which a simple 50-main.xml file would exist, or perhaps several files depending on how it's broken up. This would allow for adding, say, a 10-test.xml for quick experiments or a 30-local.xml that could be items local to my own site that have no need to be sent upstream. Then running the script would generate the monolithic file that sysmon consumes.

This setup would also hopefully allow for easier merging of ideas from forks, as diffs would be useful again. I've been chewing on this idea for a while and wanted to present it to see if it is something I should spend time on, as I have no time myself to maintain this idea forked from this repo. Changing to this setup would also likely start the need to create a 'release' every so often, as some people would likely consider it a hassle to install python to use this config.

brettowe avatar Dec 10 '19 03:12 brettowe
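The build step proposed above, as an added example that is not part of the original issue and not sysmon-config's or sysmon-modular's own code: a Python script that walks a `<root>/<EventType>/NN-name.xml` tree (a hypothetical layout taken from the proposal), refuses a fragment whose root element does not match the directory it sits in, merges every rule for the same event type and `onmatch` into one block in filename order (so `10-test.xml` lands before `50-main.xml`), and reports rule counts per block so that an `exclude` added in a local fragment, which silences telemetry rather than adding it, is visible at build time. The sample fragments, the `LocalAgent` path and the schema version are constructed for the demo.

```python
"""Assemble one Sysmon configuration from a tree of ordered XML fragments.
Assumed layout (hypothetical): <root>/<EventType>/<NN>-<name>.xml, each file
holding one <EventType onmatch="include|exclude"> block of Sysmon rules."""
import os
import tempfile
import xml.etree.ElementTree as ET
from collections import OrderedDict

SCHEMA_VERSION = "4.22"  # assumption: must match what the installed Sysmon supports

# Constructed sample fragments for the demo; not a real deployment.
SAMPLE_FRAGMENTS = {
    "ProcessCreate/10-test.xml": '<ProcessCreate onmatch="include">'
        '<Image condition="end with">\\certutil.exe</Image></ProcessCreate>',
    "ProcessCreate/30-local.xml": '<ProcessCreate onmatch="exclude">'
        '<Image condition="is">C:\\Program Files\\LocalAgent\\agent.exe</Image></ProcessCreate>',
    "ProcessCreate/50-main.xml": '<ProcessCreate onmatch="include">'
        '<Image condition="end with">\\powershell.exe</Image>'
        '<CommandLine condition="contains">-enc</CommandLine></ProcessCreate>',
    "NetworkConnect/50-main.xml": '<NetworkConnect onmatch="include">'
        '<DestinationPort condition="is">4444</DestinationPort></NetworkConnect>',
}


def parse_fragment(section, name, text):
    """Parse one fragment; reject a block in the wrong directory or without a
    usable onmatch, so a misplaced file is never merged silently."""
    block = ET.fromstring(text)
    if block.tag != section:
        raise ValueError(f"{section}/{name}: root <{block.tag}> does not match its directory")
    if block.get("onmatch") not in ("include", "exclude"):
        raise ValueError(f"{section}/{name}: onmatch must be 'include' or 'exclude'")
    return block


def load_fragments(root_dir):
    """Return [(event_type, filename, block)] in merge order: directories
    alphabetically, files by name so the NN- prefix decides rule order."""
    fragments = []
    for section in sorted(os.listdir(root_dir)):
        sec_dir = os.path.join(root_dir, section)
        if not os.path.isdir(sec_dir):
            continue
        for name in sorted(f for f in os.listdir(sec_dir) if f.endswith(".xml")):
            with open(os.path.join(sec_dir, name), encoding="utf-8") as fh:
                fragments.append((section, name, parse_fragment(section, name, fh.read())))
    return fragments


def build_config(fragments, schema_version=SCHEMA_VERSION):
    """Merge all rules sharing (event type, onmatch) into a single block, each
    in its own RuleGroup, so two fragments never yield two competing blocks."""
    grouped = OrderedDict()
    for event, _name, block in fragments:
        grouped.setdefault((event, block.get("onmatch")), []).extend(list(block))
    root = ET.Element("Sysmon", schemaversion=schema_version)
    ET.SubElement(root, "HashAlgorithms").text = "*"
    filtering = ET.SubElement(root, "EventFiltering")
    for (event, onmatch), rules in grouped.items():
        group = ET.SubElement(filtering, "RuleGroup", name="", groupRelation="or")
        ET.SubElement(group, event, onmatch=onmatch).extend(rules)
    return root


def summarize(root):
    """Rule count per (event type, onmatch). The exclude entries are the ones
    to review: every exclude rule is telemetry the sensor will not emit."""
    counts = OrderedDict()
    for block in root.iter():
        if block.get("onmatch") in ("include", "exclude"):
            counts[(block.tag, block.get("onmatch"))] = len(block)
    return counts


def render(root):
    if hasattr(ET, "indent"):  # Python 3.9+
        ET.indent(root)
    return ET.tostring(root, encoding="unicode")


def demo():
    """Write the constructed fragments to a temp dir, build, return (xml, summary)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FRAGMENTS.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        root = build_config(load_fragments(tmp))
    return render(root), summarize(root)


if __name__ == "__main__":
    xml_text, summary = demo()
    print(xml_text)
    for (event, onmatch), n in summary.items():
        print(f"{event:15} {onmatch:8} {n} rule(s)")
```

The generated file is only as good as Sysmon's acceptance of it: the `schemaversion` has to be one the installed binary supports (`sysmon -s` prints the schema it knows), and loading the merged file with `sysmon -c` on a test host remains the final check before it is pushed to a fleet.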

I have good news: @olafhartong already made this! https://github.com/olafhartong/sysmon-modular

SwiftOnSecurity avatar Dec 10 '19 20:12 SwiftOnSecurity

Looks great. I might suggest linking to it in your readme unless you intend to pull it into your setup fully.

brettowe avatar Dec 15 '19 14:12 brettowe