Summary
- Sysmon is a powerful Windows service that logs system activity, giving defenders the deeper visibility they need to detect, analyse and respond to malicious behaviour.
- While the default configuration already adds more detailed Windows Event Log data, the tool becomes far more powerful with a little tailoring to your specific needs.
- This creates considerably more event log data, but the data is structured as XML, which makes it easier to parse, and the increased volume is worth the extra work for the security benefits.
- The article provides a summary of the kinds of events that Sysmon tracks, with a specific focus on those which are most useful for detecting malicious activity.
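As an added illustration of the point about Sysmon's XML structure (this is example code written for this summary, not code from the article or from the Sysmon project), the block below parses one Sysmon Event ID 1 (process creation) record into a flat dictionary and runs a simple defender-side check over it. The event record is constructed for this example; the host name, user, timestamp and process details are made up, and the `office_spawned_script_host` rule and its name lists are this example's own choices, not anything Sysmon ships.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Sysmon Event ID 1 (process creation) record in the
# Windows Event Log XML layout. Every value here is made up for illustration.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <Computer>WORKSTATION01.example.local</Computer>
    <Channel>Microsoft-Windows-Sysmon/Operational</Channel>
  </System>
  <EventData>
    <Data Name="UtcTime">2024-01-01 12:00:00.000</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -WindowStyle Hidden -EncodedCommand PLACEHOLDER</Data>
    <Data Name="User">EXAMPLE\alice</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>"""

# A second constructed record: the same process, but launched from Explorer,
# which the rule below should leave alone.
BENIGN_EVENT = SAMPLE_EVENT.replace(
    r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    r"C:\Windows\explorer.exe",
)

# Windows Event Log XML puts every element in this namespace.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten one Sysmon event into a dict of System fields plus every
    <Data Name="..."> entry from EventData, keyed by its Name attribute."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event = {
        "EventID": int(system.findtext("e:EventID", namespaces=NS)),
        "Computer": system.findtext("e:Computer", namespaces=NS),
        "Channel": system.findtext("e:Channel", namespaces=NS),
    }
    event_data = root.find("e:EventData", NS)
    if event_data is not None:
        for data in event_data.findall("e:Data", NS):
            event[data.get("Name")] = data.text or ""
    return event


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (the part after the last backslash)."""
    return path.rsplit("\\", 1)[-1].lower()


# Name lists chosen for this example; a real deployment would tune them.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def office_spawned_script_host(event: dict) -> bool:
    """Example detection: a process-creation event where an Office application
    is the parent of a script host. Only Event ID 1 carries ParentImage."""
    if event.get("EventID") != 1:
        return False
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child in SCRIPT_HOSTS


if __name__ == "__main__":
    for record in (SAMPLE_EVENT, BENIGN_EVENT):
        ev = parse_sysmon_event(record)
        print(ev["Computer"], ev["User"], basename(ev["Image"]),
              "<-", basename(ev["ParentImage"]),
              "FLAGGED" if office_spawned_script_host(ev) else "ok")
```

Real records can be exported from the `Microsoft-Windows-Sysmon/Operational` channel as XML and fed to `parse_sysmon_event` one event at a time; the flat dictionary is what you would then hand to a SIEM or to further rules.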