{
  "name": "Check for running Sysmon process",
  "description": "Find systems where the Sysmon tool is missing or not running.",
  "hosts": ["local", "remote"],
  "actions": [
    {
      "path": "checksysmon",  
      "search": [
        {
          "label": "Sysmon is running"
        }
      ]
    }
  ],
  "pass": {
    "condition": true,
    "success": "All scanned systems are running Sysmon.",
    "failure": {
      "action": {"path": "installsysmon" },
      "text": "do not have the Sysmon service running"
    } 
  },
  "quest": {
    "explanation": "Sysmon is a useful logging tool that helps detect security issues.",
    "selection": {
      "age": {"h": 1}
    }
  }
}