Sysmon logging - Event log inspectors

Has anyone deployed sysmon as a service then capturing process creation/termination with image file hash and/or network connections via the BigFix event log inspectors?

BigFix competitors are doing something similar, under the hood it appears to be no more than sysmon …

Looking for sample relevance to adapt if possible to demonstrate power of BigFix as an EDR.

I had forgotten, but I had created a deploy/install Fixlet for Sysmon v6.1 at some point.

https://www.bigfix.me/fixlet/details/24639

It should be relatively straightforward to update this for the latest version of Sysmon, then create analyses to return the data of interest from the event logs.

I will try to look into this further shortly…
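As an added illustration (not code from this thread, from BigFix, or from Sysmon), here is a small Python parser for Sysmon process-creation (Event ID 1) and network-connection (Event ID 3) records in Windows event XML form, pulling out the fields an analysis would want to return: image path, the individual hashes from Sysmon's comma-separated `Hashes` string, command line, parent image and destination. The sample events and hash values are constructed placeholders.

```python
"""Flatten Sysmon Event ID 1 / 3 records from Windows event XML."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SYSMON_CHANNEL = "Microsoft-Windows-Sysmon/Operational"

# Constructed sample events; hashes are placeholder hex, not real telemetry.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>host1</Computer></System>
 <EventData>
  <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
  <Data Name="CommandLine">cmd.exe /c whoami</Data>
  <Data Name="Hashes">SHA1=aaaa,MD5=bbbb,SHA256=cccc</Data>
  <Data Name="ParentImage">C:\\Windows\\explorer.exe</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>host1</Computer></System>
 <EventData>
  <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
  <Data Name="DestinationIp">203.0.113.10</Data>
  <Data Name="DestinationPort">443</Data>
 </EventData></Event>
</Events>"""


def parse_hashes(field):
    """Sysmon writes hashes as 'ALG=hex,ALG=hex'; return {ALG: hex}."""
    out = {}
    for part in field.split(","):
        alg, _, val = part.partition("=")
        if alg and val:
            out[alg.strip().upper()] = val.strip().lower()
    return out


def parse_sysmon_events(xml_text, wanted=(1, 3)):
    """Return one flat dict per Sysmon event whose ID is in `wanted`."""
    records = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        sysnode = ev.find("e:System", NS)
        if sysnode.findtext("e:Channel", "", NS) != SYSMON_CHANNEL:
            continue  # skip records from other channels
        eid = int(sysnode.findtext("e:EventID", "0", NS))
        if eid not in wanted:
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        rec = {"event_id": eid, "computer": sysnode.findtext("e:Computer", "", NS),
               "image": data.get("Image", "")}
        if eid == 1:  # process creation: carry hashes and lineage
            rec["hashes"] = parse_hashes(data.get("Hashes", ""))
            rec["command_line"] = data.get("CommandLine", "")
            rec["parent_image"] = data.get("ParentImage", "")
        else:         # network connection: carry the destination endpoint
            rec["dest"] = f"{data.get('DestinationIp', '')}:{data.get('DestinationPort', '')}"
        records.append(rec)
    return records
```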

Curious, was this ever completed? Any thoughts about using other Microsoft tools within BigFix, maybe using the entire Sysinternals suite?