RDPSoft

Remote Desktop and Terminal Server Software

We Make RDS, XenApp & VDI Monitoring/Reporting Easy and Affordable

Sysmundo

Sysmundo fully unleashes the power of Microsoft’s Sysmon DFIR utility for maximum observability, security, and incident response in your Windows environment. Perfect not only for EUC environments (such as RDS, Citrix, Parallels RAS, AVD, VMware Horizon) but for all Windows networks, it takes the auditing provided by the Sysinternals Sysmon utility and extends it to the next level.

What is Sysmon?

Sysmon is a freeware utility developed by the Sysinternals team at Microsoft, which is led by luminary Mark Russinovich, CTO of Microsoft Azure. Sysmon is one of a myriad of tools the Sysinternals team provides to Windows system administrators to make their jobs easier.

When deployed on Windows servers and workstations in your environment, Sysmon becomes a “second Security log,” auditing important user and program actions on your systems.

Indispensable for detecting malware, hunting for Advanced Persistent Threats, or analyzing user activity in depth, Sysmon tracks nearly 30 different categories of behavior on Windows systems. From programs run, DNS queries made, and files created and deleted to clipboard activity and registry keys created and modified, Sysmon keeps tabs on what your users are doing and whether their behavior is normal or aberrant and suggestive of intrusion.

In fact, as recently as November of 2022, CISA and the FBI released a joint Cyber Security Advisory (CSA) report where they recommend deploying Sysmon on all networked systems to reduce the risk of compromise by Hive ransomware.

Suffice it to say, Sysmon at this point is a must-have DFIR (Digital Forensics and Incident Response) tool which should be deployed on all Windows systems in a network.

What is Sysmundo and What Problems Does it Solve?

Watch this quick video to learn more about Sysmundo’s features and how it works.

The traditional approach to deploying and utilizing Sysmon on Windows systems has been:

  • Deploy it via scripts to servers and workstations on your network
  • Use a SIEM or log aggregation product to ingest the data
  • Write your own reports and queries in the SIEM to examine the collected data

The shortcomings of this approach center around:

  • Difficulty of Sysmon deployment, reconfiguration, and removal
  • High data ingestion costs charged by the SIEM vendor
  • Costs (and the domain knowledge) associated with writing reports/correlations for Sysmon data loaded inside the SIEM

We designed Sysmundo to tackle these shortcomings head on, so that Windows administrators can deploy and change Sysmon configurations more easily, archive and use the generated log data in a way that avoids the costs associated with SIEM ingestion, quickly search for and analyze events of interest, plus schedule routine reports to detect critical activity. Some of these features are provided for free, and some of them are provided with a commercial license at a very low cost relative to SIEM or log aggregation products.

Key Sysmundo Features

  • Automatic download of the Sysmon tool from the Microsoft Sysinternals website. Sysmundo also automatically checks for updates to Sysmon and will notify you and offer to download the latest version (FREE FEATURE).
  • Organization of computers into logical groupings (associated with Active Directory Organizational Units or manual lists) for automatic streamlined Sysmon deployments (FREE FEATURE).
  • Links to the most popular Sysmon config file repositories on GitHub, such as those maintained by SwiftOnSecurity, Olaf Hartong, and Florian Roth. Sysmundo users can add additional config file repositories to the program and can automatically download the latest config files to audition or modify when deploying Sysmon with Sysmundo (FREE FEATURE).
  • Simple-to-use GUI wizard for deploying, upgrading, reconfiguring, and removing Sysmon on groups of computers, without the need for scripting (FREE FEATURE).
  • Automatic, AGENTLESS archiving of Sysmon logs from computers once or multiple times a day to local “hot storage.” Logs are also stored compressed in long term “cold storage.”
  • Logs in “cold storage” can be thawed at any time and reindexed for analysis.
  • Lightweight indexing of archived Sysmon logs into SQL, making it easy to analyze and review certain types of activity by date/time range, users, computers, and programs.
  • Additional analysis is supported for “live” Sysmon logs and previously saved Sysmon logs.
  • “Pre-load” filtering on key fields for specific Sysmon categories is supported, whereby discovered values are pre-populated to filter against, drastically reducing log load times. For instance, perhaps you want to see all programs launched by Windows Explorer by a select group of users. After a few clicks, that information is loaded into an analysis window.
  • Sysmundo’s Data Analyzer window parses and normalizes key fields from specific Sysmon event categories, making them easily groupable, sortable, and filterable.
  • Right-clicking on events of interest raises a context menu to learn more about specific field data via a Google search.
  • Sysmundo understands correlatable fields between different Sysmon event categories, and lets you perform “drill down” correlation when performing analysis against a set of log data.
  • Discovered/filtered events can be exported to CSV and Excel files.
  • Sysmundo ships with over two dozen reports that focus on different Sysmon categories and user/program behavior. Reports can be run manually or scheduled against prior day collected log data.

Setting Up Sysmundo – A Video Walkthrough

Watch this video to see how easy it is to set up Sysmundo, deploy Sysmon to Windows systems, set up log archiving and indexing, and begin analyzing Sysmon event categories.

Affordable Pricing

Sysmundo’s pricing is affordable and straightforward. Simply add up all of the Windows servers and workstations in your environment that will be auditing user and program behavior with the Microsoft Sysmon tool, from which Sysmundo will collect and analyze logs. Then, select the most appropriate bundle below and select the link to start a monthly or annual subscription.

Servers/Workstations | Monthly Subscription | Annual Subscription
5 Servers + 25 Workstations | $29.99 per month | $329.99 per year
10 Servers + 50 Workstations | $49.99 per month | $549.99 per year
25 Servers + 150 Workstations | $99.99 per month | $1099.99 per year
I Need More Than 25 servers + 150 Workstations | Contact Us For Quote | Contact Us For Quote

Download Sysmundo

To download a copy of Sysmundo, please click here. If you would like to utilize the paid features, such as automatic Sysmon log archiving, reporting, and analysis of historic data, please sign up for a subscription via the links above.


© Copyright 2013–2025 RDPSoft. All Rights Reserved. RDPSoft is the sole authorized publisher and distributor of the following software titles: Remote Desktop Commander, Premium Management Features, Remote Desktop Canary