Sysmon overview
Sysmon is a Sysinternals tool that extends Windows logging. Out of the box, Windows event logs record little of what a defender needs; Sysmon fills the gaps with events for process creation, network connections, file changes, and more. What it captures, and what it drops, is controlled by an XML configuration file.
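A minimal configuration covering the three event types named above, added here as an illustration and not taken from the page or from Sysinternals' own documentation. The schema version, the svchost.exe exclusion and the Startup-folder filter are assumptions chosen for the example; adjust them to the Sysmon version and environment in use.

```xml
<!-- Constructed example config; schemaversion is an assumption for a recent Sysmon build -->
<Sysmon schemaversion="4.90">
  <!-- Hash every logged image so events can be pivoted to file reputation -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event ID 1, process creation.
         onmatch="exclude": log every process start EXCEPT those matching a rule. -->
    <RuleGroup name="proc-create" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <!-- Assumed noise source; drop only when the full path matches exactly -->
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3, network connection.
         onmatch="include": log ONLY connections matching a rule. -->
    <RuleGroup name="net-connect" groupRelation="or">
      <NetworkConnect onmatch="include">
        <!-- Office applications rarely need outbound sockets; worth recording -->
        <Image condition="end with">\winword.exe</Image>
        <Image condition="end with">\excel.exe</Image>
        <Image condition="end with">\powershell.exe</Image>
      </NetworkConnect>
    </RuleGroup>

    <!-- Event ID 11, file create.
         Record anything written to a user's Startup folder (common persistence spot). -->
    <RuleGroup name="file-create" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
      </FileCreate>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Install it with `sysmon64.exe -accepteula -i sysmon.xml`, and push later revisions with `sysmon64.exe -c sysmon.xml` without reinstalling the driver; an event type that has no rule at all is simply not collected, so each filter you leave out is a gap, not a default.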