Description: Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log

Installation: download from https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

Usage: change to downloaded directory, run sysmon -i as admin in command prompt, sysmon logs sent to Windows Event Viewer

Resources

• Sysmon Configuration File

• Install and use Sysmon for malware investigation