Microsoft Sysinternals Sysmon

How to get started with Microsoft Sysinternals’ Sysmon Advanced Event Logging

Sysmon is a powerful tool that enriches the Windows event logs with detailed process, network and file activity for threat hunting and security operations. This post covers what Sysmon is and how to write Sysmon rules for your environment.