(also system monitor)
Add-on for detecting malicious activity on Windows. It performs this detection through tracking code behavior and network traffic. Sysmon monitors and logs system activity at a higher level than other logging software, paying attention to processes, network connections, and changes done to the system files.
By logging and analyzing all activity on the network, Sysmon can help you identify suspicious or anomalous activity that might be malicious. It also allows network managers to see how intruders and malware might operate on their network.
