diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 756fcf4c..417c5cd8 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -4,6 +4,7 @@ use crate::detections::application;
 use crate::detections::common;
 use crate::detections::security;
 use crate::detections::system;
+use crate::detections::sysmon;
 use crate::models::event;
 use evtx::EvtxParser;
 use quick_xml::de::DeError;
@@ -26,6 +27,7 @@ impl Detection {
 let mut security = security::Security::new();
 let mut system = system::System::new();
 let mut application = application::Application::new();
+ let mut sysmon = sysmon::Sysmon::new();
 
 for record in parser.records() {
 match record {
@@ -43,6 +45,8 @@ impl Detection {
 &system.detection(event_id, &event.system, event_data);
 } else if channel == "Application" {
 &application.detection(event_id, &event.system, event_data);
+ } else if channel == "Microsoft-Windows-Sysmon/Operational" {
+ &sysmon.detection(event_id, &event.system, event_data);
 } else {
 //&other.detection();
 }
diff --git a/src/detections/mod.rs b/src/detections/mod.rs
index 7238b4aa..2e67495c 100644
--- a/src/detections/mod.rs
+++ b/src/detections/mod.rs
@@ -3,3 +3,4 @@ mod common;
 pub mod detection;
 mod security;
 mod system;
+mod sysmon;
\ No newline at end of file
diff --git a/src/detections/sysmon.rs b/src/detections/sysmon.rs
new file mode 100644
index 00000000..34bfb6f8
--- /dev/null
+++ b/src/detections/sysmon.rs
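Review bot: In the third detection.rs hunk the new `&sysmon.detection(event_id, &event.system, event_data);` borrows the `()` the call returns and discards the borrow, which only earns an unused-borrow warning from rustc; the statement should be `sysmon.detection(event_id, &event.system, event_data);`. The pre-existing Security/System/Application lines use the same `&...` form, so the new line is at least consistent and the cleanup of all four could be a follow-up. The channel string matched here is the one Sysmon writes to by default, but a deployment that renames the channel would silently fall into the `else` branch, so a comment such as `// Sysmon's default operational channel; no other Sysmon channel names are handled yet.` would help the next reader. The enclosing method starts and ends outside this hunk.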
@@ -0,0 +1,37 @@
+use crate::models::event;
+use std::collections::HashMap;
+
+pub struct Sysmon {}
+
+impl Sysmon {
+ pub fn new() -> Sysmon {
+ Sysmon {}
+ }
+
+ pub fn detection(
+ &mut self,
+ event_id: String,
+ system: &event::System,
+ event_data: HashMap,
+ ) {
+ if event_id == "1" {
+ &self.sysmon_event_1(event_data);
+ } else if event_id == "7" {
+ &self.sysmon_event_7(event_data);
+ }
+ }
+
+ fn sysmon_event_1(&mut self, event_data: HashMap) {
+ println!("Message : Sysmon event 1");
+ if let Some(_image) = event_data.get("Image") {
+ println!("_image : {}",_image);
+ }
+ if let Some(_command_line) = event_data.get("CommandLine") {
+ println!("_command_line : {}",_command_line);
+ }
+ }
+
+ fn sysmon_event_7(&mut self, event_data: HashMap) {
+ println!("Message : Sysmon event 7");
+ }
+}
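Review bot: `detection` never reads `system` and none of the three methods touch any state, so the `&mut self` receivers make every caller hold the detector mutably for nothing; take `&self`, rename the parameter `_system: &event::System` to silence the unused-variable warning, and do the same for the unused `event_data` in `sysmon_event_7`. In `sysmon_event_1` the bindings are named `_image` and `_command_line` even though they are used (the underscore prefix signals an intentionally unused binding), and the `Image`/`CommandLine` values, which come straight from the parsed record, are printed with `{}` so a command line containing newlines or terminal escape sequences reaches stdout verbatim, whereas `{:?}` escapes them. `HashMap` appears without type parameters in the hunk, presumably stripped in rendering, so the fence keeps it as shown. A doc comment on each handler would also help, e.g. `/// Sysmon event ID 1 (process creation): reports Image and CommandLine.` and `/// Sysmon event ID 7 (image loaded): placeholder, no fields reported yet.`
```rust
    fn sysmon_event_1(&self, event_data: HashMap) {
        println!("Message : Sysmon event 1");
        // Debug formatting escapes newlines and control characters in record-supplied text.
        if let Some(image) = event_data.get("Image") {
            println!("_image : {:?}", image);
        }
        if let Some(command_line) = event_data.get("CommandLine") {
            println!("_command_line : {:?}", command_line);
        }
    }
    // … unchanged: sysmon_event_7 …
```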