# Sysmon

* Description: Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. Each event type has its own Event ID, for example 1 (process creation, with command line, hashes and parent process), 3 (network connection), 7 (image load), 8 (CreateRemoteThread), 10 (process access), 11 (file create), 12-14 (registry), 22 (DNS query); which of them are recorded depends on the loaded configuration
* Installation: download from <https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon>
* Usage: change to the extracted download directory and, from an elevated command prompt, run `sysmon -accepteula -i` (`sysmon64` on 64-bit Windows); append a configuration XML file to `-i` to install with a rule set, use `-c <config.xml>` to update the rules of a running instance and `-u` to uninstall. Without a configuration file Sysmon uses a minimal default rule set (network connections, for instance, are only logged with `-n` or a config rule), so a tuned configuration such as the SwiftOnSecurity one below is recommended. Events are written to the Windows event log under Applications and Services Logs > Microsoft > Windows > Sysmon > Operational and can be read in Event Viewer or with `Get-WinEvent`
* Resources
  * [SwiftOnSecurity Sysmon configuration file (sysmon-config)](https://github.com/SwiftOnSecurity/sysmon-config)
  * [Install and use Sysmon for malware investigation](https://support.sophos.com/support/s/article/KB-000038882?language=en_US)
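
The install-and-query workflow above, as an added PowerShell example (it is not part of the original notes and not Sysinternals or SwiftOnSecurity code). It assumes `Sysmon64.exe` was extracted to `C:\Tools\Sysmon`, that `sysmonconfig-export.xml` from the SwiftOnSecurity repository was saved next to it, and that the service installed by `Sysmon64.exe` is named `Sysmon64` (with `Sysmon.exe` it is `Sysmon`); adjust those paths and names for your host.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page: install or update Sysmon with the
# SwiftOnSecurity rules, then read ProcessCreate events (ID 1) back from the
# Sysmon operational log and flag Office applications spawning a shell.

# Assumed locations (not from the original page).
$SysmonDir = 'C:\Tools\Sysmon'
$SysmonExe = Join-Path $SysmonDir 'Sysmon64.exe'
$Config    = Join-Path $SysmonDir 'sysmonconfig-export.xml'
$LogName   = 'Microsoft-Windows-Sysmon/Operational'

if (-not (Test-Path $SysmonExe)) { throw "Sysmon binary not found at $SysmonExe" }
if (-not (Test-Path $Config))    { throw "Config not found at $Config" }

# First run installs the driver and service (-i); later runs only swap the rule
# set (-c). -accepteula suppresses the license prompt so this works unattended.
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $SysmonExe -accepteula -c $Config
} else {
    & $SysmonExe -accepteula -i $Config
}

# Sysmon events carry their fields as <Data Name="..."> elements in EventData.
function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $xml  = [xml]$Record.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $Record.TimeCreated
        Id          = $Record.Id
        Image       = $data.Image
        CommandLine = $data.CommandLine
        ParentImage = $data.ParentImage
        User        = $data.User
        Hashes      = $data.Hashes
    }
}

# Last 50 ProcessCreate events, newest first.
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1 } -MaxEvents 50 |
    ForEach-Object { ConvertFrom-SysmonEvent $_ }

$events | Format-Table Time, Image, CommandLine -AutoSize -Wrap

# Simple hunt over the same data: an Office process launching a command shell
# or PowerShell is a classic macro-dropper pattern worth a second look.
$office = 'winword\.exe|excel\.exe|powerpnt\.exe|outlook\.exe'
$shells = 'cmd\.exe|powershell\.exe|pwsh\.exe|wscript\.exe|cscript\.exe|mshta\.exe'
$suspect = $events | Where-Object {
    $_.ParentImage -match "(?i)\\($office)$" -and $_.Image -match "(?i)\\($shells)$"
}
if ($suspect) {
    Write-Warning "Office application spawned a script/shell host:"
    $suspect | Format-List Time, ParentImage, Image, CommandLine, User
} else {
    Write-Host "No Office->shell process creations in the last 50 ProcessCreate events."
}
```

Run it once to install; subsequent runs only push the configuration and re-run the query. Because the hunt is a regex over `ParentImage`/`Image`, it depends on ProcessCreate events actually being recorded: if your configuration excludes those parents or children, the query will be silent even when the behaviour occurs, so check the rule set before trusting an empty result.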
