SYSMON

Sysmon is a part of the Windows Sysinternals package. it is a monitoring tool that provides detailed event logging and anomaly detection. It enhances Windows Event Logs with more granular control and is often used with SIEM systems to aggregate, filter, and analyze security events.

EXAMPLE CONFIGURATION FILE