Sysmon
Sysmon
(also system monitor)
Sysmon definition
Add-on for detecting malicious activity on Windows. It performs this detection through tracking code behavior and network traffic. Sysmon monitors and logs system activity at a higher level than other logging software, paying attention to processes, network connections, and changes done to the system files.
Sysmon use cases
By logging and analyzing all activity on the network, Sysmon can help you identify suspicious or anomalous activity that might be malicious. It also allows network managers to see how intruders and malware might operate on their network.
