RDPSoft

Sysmundo, Our Brand New User Observability and DFIR Solution, Is Now Available!

November 29, 2023 By admin

Greetings RDPSoft friends and customers! We’ve just released our brand new Sysmundo solution, which helps you with user observability, digital forensics, and incident response. How so? Sysmundo extends and enhances the Microsoft Sysmon logging utility, which is available to all Microsoft Windows customers as part of the Sysinternals Suite of utilities. Watch the video below and keep reading to understand all the benefits of our new application.

Watch this video to learn how Sysmundo helps improve user observability, digital forensics, and incident response in your organization.

What is Sysmon?

Sysmon is a freeware utility developed by the Sysinternals team at Microsoft, led by luminary Mark Russinovich, CTO of Microsoft Azure. Sysmon is one of myriad tools provided by the Sysinternals team to Windows system administrators, to make their jobs easier.

When deployed on Windows servers and workstations in your environment, Sysmon becomes a “second Security log”, auditing important user and program actions on your systems.

Indispensable for detecting malware, hunting Advanced Persistent Threats, or analyzing user activity in depth, Sysmon tracks nearly 30 different categories of behavior on Windows systems, including programs run, DNS queries made, files created/downloaded/deleted, clipboard activity, and registry keys created and modified. Sysmon keeps tabs on what your users are doing and whether their behavior is normal or aberrant and suggestive of intrusion.

Why Is It Important to Deploy Sysmon in RDS, AVD, Parallels RAS, Citrix, and Other EUC Environments?

EUC systems, by design, will inherently have multiple different users connecting to them on a regular basis. Therefore, it is important to closely scrutinize activity taking place on those systems, looking for “indicators of compromise.” For example:

  • Activity that would be suggestive of Privilege Escalation attempts (e.g. a standard user trying to become an admin)
  • Unauthorized downloading of external files onto a terminal server
  • A higher than usual rate of clipboard activity for a user, suggesting data exfiltration
  • Creation of files in parts of the file system that are not typical to user behavior
  • Network connections being opened via atypical processes, suggesting a compromise
  • Strange or uncommon DNS queries
  • Modification of certain registry keys and values
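
As an added illustration (not RDPSoft or Sysmundo code), here is how three of the indicators above could be checked against Sysmon event data: clipboard rate per user, file creation outside the user's profile, and network connections from unexpected processes. The sample events are constructed, and the threshold, the process allowlist, and the `C:\Users\<name>` profile layout are assumptions.

```python
from collections import Counter

# Constructed sample records (simplified dicts that reuse Sysmon field names).
# Event IDs: 3 = NetworkConnect, 11 = FileCreate, 24 = ClipboardChange.
RDPCLIP = r"C:\Windows\System32\rdpclip.exe"
SAMPLE_EVENTS = [
    {"EventID": 24, "UtcTime": "2023-11-29 14:%02d:00.000" % m,
     "User": r"CORP\alice", "Image": RDPCLIP} for m in range(12)
] + [
    {"EventID": 24, "UtcTime": "2023-11-29 14:05:00.000",
     "User": r"CORP\bob", "Image": RDPCLIP},
    {"EventID": 11, "UtcTime": "2023-11-29 14:20:11.000", "User": r"CORP\bob",
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\bob\Documents\report.docx"},
    {"EventID": 11, "UtcTime": "2023-11-29 14:21:40.000", "User": r"CORP\alice",
     "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Windows\Tasks\update.bat"},
    {"EventID": 3, "UtcTime": "2023-11-29 14:22:03.000", "User": r"CORP\bob",
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "UtcTime": "2023-11-29 14:23:45.000", "User": r"CORP\alice",
     "Image": r"C:\Windows\System32\notepad.exe",
     "DestinationIp": "203.0.113.77", "DestinationPort": 8443},
]

def find_indicators(events, clipboard_per_hour=10, net_allowlist=("msedge.exe",)):
    """Return (indicator, user, detail) tuples; threshold and allowlist are assumed."""
    findings = []
    clip = Counter()
    for ev in events:
        user = ev["User"]
        name = user.split("\\")[-1].lower()            # account name without domain
        if ev["EventID"] == 24:
            clip[(user, ev["UtcTime"][:13])] += 1      # bucket by "YYYY-MM-DD HH"
        elif ev["EventID"] == 11:
            path = ev["TargetFilename"].lower()
            # Assumed profile layout: C:\Users\<account name>\
            if not path.startswith("c:\\users\\%s\\" % name):
                findings.append(("file_outside_profile", user, ev["TargetFilename"]))
        elif ev["EventID"] == 3:
            exe = ev["Image"].lower().rsplit("\\", 1)[-1]
            if exe not in net_allowlist:
                findings.append(("atypical_network_process", user, ev["Image"]))
    # Clipboard rate is only known after all events are counted.
    for (user, hour), n in sorted(clip.items()):
        if n > clipboard_per_hour:
            findings.append(("clipboard_rate", user, "%d changes in hour %s" % (n, hour)))
    return findings

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_EVENTS):
        print(finding)
```

On a multi-user session host the per-user bucketing matters: the same clipboard volume that is routine in aggregate can stand out once it is attributed to a single account.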

What is RDPSoft Sysmundo, and How Does it Enhance the Sysmon Tool?

The traditional approach to deploying and utilizing Sysmon on Windows systems has been to:

  • Deploy it via scripts to servers and workstations on your network
  • Use a SIEM or log aggregation product to ingest the data
  • Write your own reports and queries in the SIEM to examine the collected data

The shortcomings of this approach center around the:

  • Difficulty of Sysmon deployment, reconfiguration, and removal
  • High data ingestion costs charged by the SIEM vendor
  • Costs (and the domain knowledge) associated with writing reports/correlations for Sysmon data, loaded inside the SIEM

We designed Sysmundo to tackle these shortcomings head on, so that Windows administrators can:

  • Deploy and change Sysmon configurations more easily
  • Archive and use the generated log data in a way that avoids the costs associated with SIEM ingestion
  • Quickly search for and analyze events of interest
  • Schedule routine reports to detect critical activity

Some of these features are provided for free, and others are accessed via a commercial license, at a very low cost relative to a SIEM or other log aggregation products. Below, we will break down both the free and commercial features available in Sysmundo.

In this RDPSoft E-Newsletter:

  • Free Sysmundo Features
  • Commercial Sysmundo Features
  • Sysmundo Is Included In Our Complete Monitoring and Management Bundle
  • Remote Desktop Commander Suite Maintenance Release Now Available
  • Remote Desktop Canary v4 Coming Soon!
  • RDPSoft Is Now a Parallels RAS Reseller
  • Sysmundo Download and Purchase Links

Free Sysmundo Features

You can build manual groupings of computers, or link them to Active Directory OUs, for quick Sysmon deployment and reconfiguration.

As a Freemium product, Sysmundo offers several basic features at no cost, since we want to encourage administrators to deploy Sysmon across their servers and workstations. For example, the unlicensed version of Sysmundo:

  • Automatically downloads the Sysmon tool from the Microsoft Sysinternals website. Sysmundo also automatically checks for updates to Sysmon, notifying you and offering to download the latest version when available
  • Helps you organize computers into logical groupings (associated with Active Directory Organizational Units or manual lists) for automated and streamlined Sysmon deployments
  • Includes links to the most popular Sysmon config file repositories on Github, such as those maintained by SwiftOnSecurity, Olaf Hartong, and Florian Roth. Sysmundo users can add additional config file repositories to the program and can automatically download the latest config files to audition or modify when deploying Sysmon with Sysmundo
  • Includes a simple to use GUI wizard for deploying, upgrading, re-configuring, and removing Sysmon on groups of computers, without the need for any scripting
  • Allows you to test the log analysis and reporting features against Sysmon logs located on three computers at a time, for 14 days.

Access the most popular Sysmon config file repositories for quick and easy Sysmon deployments.

Use the Sysmon Deployment Wizard to deploy, reconfigure, or uninstall Sysmon to dozens of servers and workstations in mere minutes, with no scripting required!

Paid Sysmundo Features

The paid version of Sysmundo can:

  • Centrally collect and archive all Sysmon logs from your computers
  • Index those collected logs into SQL, to make it easy to find events of interest and indicators of compromise
  • Normalize all Sysmon field data, so you can powerfully filter and analyze events from multiple logs
  • Provide a reporting platform for all of the data

Even more importantly, all of these features are delivered to you at an extremely competitive price. For example, you can license Sysmundo for 5 servers and 25 workstations for only $29.99 per month!

Here’s the detailed feature list for the paid version of Sysmundo:

  • Automatic, AGENTLESS archiving of Sysmon logs from computers, once or multiple times a day, to local “hot storage”. Logs are also stored, compressed, in long-term “cold storage”
  • Logs in “cold storage” can be thawed at any time and re-indexed for analysis
  • Lightweight indexing of archived Sysmon logs into SQL, making it easy to analyze and review certain types of activity by date/time range, users, computers, and programs
  • Additional analysis is supported for “live” Sysmon logs and previously saved Sysmon logs
  • “Pre-load” filtering on key fields for specific Sysmon categories is supported, whereby discovered values are pre-populated to filter against, drastically reducing log load times. For instance, perhaps you want to see all programs launched by Windows Explorer by a select group of users? After a few clicks, that information is loaded into an analysis window
  • Sysmundo’s Data Analyzer window parses and normalizes key fields from specific Sysmon event categories, making them easily groupable, sortable, and filterable
  • Right mouse clicking on events of interest raises a context menu to learn more about specific field data via a Google search
  • Sysmundo understands correlated fields between different Sysmon event categories, and lets you perform “drill down” correlation when performing analysis against a set of log data
  • Discovered/filtered events can be exported to CSV and Excel files
  • Sysmundo ships with over two dozen reports that focus on different Sysmon categories and user/program behavior. Reports can be run manually or scheduled against prior day collected log data

Sysmundo Is Included in RDPSoft’s Complete Monitoring and Management Bundle.

Already a Complete Monitoring and Management Bundle customer? Contact us now to request the Sysmundo licensing you’re entitled to, for the number of RDS/AVD servers you’re already licensing. And, if you’d like to add more licenses so you can deploy Sysmundo on your non-EUC servers or workstations, let us know and we can give you a discounted price to cover those systems as well.

It’s just another way we’d like to say thank you for your continued loyalty and to deliver even more value to you.

If you’re not currently a Complete Monitoring and Management Bundle customer, contact us for a quote to convert your existing product subscriptions into a bundle subscription.

A Remote Desktop Commander Maintenance Release Is Now Available

We just posted a maintenance release of the Remote Desktop Commander Suite (Version 6.5.5). While this version does not have new features, it does include the following bug fixes, documented in our KB articles:

  • The online Stamen Map Tile Provider was discontinued, which causes the Geolocate RDS Logons and Logon Failures dashboard to show a blank white screen instead of a map.
  • Some online transactional mail servers that have switched to TLS 1.2 may be incompatible with Remote Desktop Commander SMTP scheduled report relays.

To request an upgrade to Version 6.5.5, please visit https://www.rdpsoft.com/upgrade

Version 7, the next major release of the Remote Desktop Commander Suite, should become available in Q1 of 2024.

Remote Desktop Canary v4 Almost Ready!

While we’ve put a ton of development focus this year onto our new Sysmundo product, we haven’t forgotten about our other solutions. In a few weeks, we plan on releasing Remote Desktop Canary v4. Here is a sneak peek of the new features coming to Version 4:

  • The ability to edit multiple workflows at one time, to change common settings like login time thresholds, login credentials, and much more
  • A special, newly designed Program Tester applet, that checks to see if applications launch normally when Remote Desktop Canary performs a synthetic RDP login. You can configure this new Program Tester applet to evaluate the text in the title bar of a launched program, or any text that appears in internal windowed controls in the program’s user interface. Then, if that text is seen or not seen, the login test will succeed or fail accordingly
  • The ability to automatically retry failed connections a few times, immediately, before actually generating an alert
  • A brand new Workflow Design Wizard that will let you quickly build workflows to test your RDS collections, or individual RDS servers, in an intuitive and easy way. No more downloading of RDP files will be required.

We’re Now an Authorized Parallels RAS Reseller

Here at RDPSoft, we absolutely love pure Microsoft Remote Desktop Services, and think it is 100% the most cost-effective way to provide virtual desktops and apps to your users. That said, we also know that sometimes organizations outgrow RDS, or have more complex feature needs which are not provided by RDS.

When that time comes, it’s tempting to look towards Azure Virtual Desktop or Citrix, but these platforms often bring a lot of unneeded expense that can swamp your IT department’s budget. For this reason, we highly recommend that any customer looking to switch from RDS seriously examine Parallels RAS by Alludo. We believe so strongly in this platform, especially when compared to alternatives like Citrix and AVD, that we became a Parallels reseller and partner this year.

Our CEO, Andy Milford, is a Parallels VIPP, and actually just wrote a comprehensive blog article at his PureRDS.org site, summarizing some of the most powerful features that Parallels RAS brings to the table in terms of how it extends regular Microsoft Remote Desktop Services.

You may also watch this recent video of Andy Milford discussing Parallels RAS, its benefits, and his opinion on the state of the EUC market in general:

If you’d like to learn more about Parallels RAS, including getting a reseller quote and cost analysis of switching to Parallels RAS from RDS, please fill out the form here and we’ll get back in touch with you shortly.

Sysmundo Download and Purchasing Links

If you’d like to learn more about Sysmundo and download its installer, click here. 

If you’d like to start a monthly subscription to Sysmundo for as little as $29.99 per month, covering 5 servers and 25 workstations, click here.

If you’d like to start an annual subscription to Sysmundo for as little as $329.99 per year, covering 5 servers and 25 workstations, click here.

If you’re an existing Complete Monitoring and Management Bundle subscription holder, and would like to request Sysmundo licensing, please fill out our sales contact form here.

Request a web demo with an RDPSoft solutions expert to see all our solutions’ features in depth.

Filed Under: RDP Logs, Software Releases, Sysmon Tagged With: dfir, parallels ras, sysmon, sysmundo, user observability
