Sysmon

Description: Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log
Installation: download from https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
Usage: change to downloaded directory, run sysmon -i as admin in command prompt, sysmon logs sent to Windows Event Viewer
Resources
- Sysmon Configuration File
- Install and use Sysmon for malware investigation

Last updated 1 year ago