Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at


Sysmon to uberAgent ESA Rule Converter 1.2

  • by Helge Klein
  • November 23, 2023

We’re happy to announce that a new release of our Sysmon to uberAgent ESA rule converter is available. Version 1.2 adds support for uberAgent 7.1 and allows you to select the desired uberAgent target version.

What’s New?

Support for uberAgent 7.1

The recently released version 7.1 of uberAgent ESA comes with exciting new capabilities, among them file system activity monitoring. This makes it possible to convert many additional System event types (aka event IDs).

Target Version Selection

While there’s no need to select the source’s schema – the converter works with any Sysmon schema version right out of the box – it’s crucial to be able to specify the uberAgent target version. By doing that, the converter only processes rules that can be processed correctly by the uberAgent version that’s deployed on your endpoints.

More Info

Supported Sysmon Event Types (IDs)

In addition to describing how to use the converter, its readme page also lists the Sysmon event types (event IDs) and fields that can be converted.

Download & Changelog

You can download version 1.2 of the Sysmon to uberAgent ESA rule converter on its release page, where you’ll also find the changelog.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *