How to Tune Windows System Monitor (Sysmon)
One of the more disheartening aspects of log collection within the Windows operating system is the limited number of out-of-the-box events related to security. It is often desirable to capture any unknown or malicious running processes, capture the source process for outbound connections, identify modifications to files and the registry, and capture the command-line and PowerShell commands that are run on a particular endpoint. Luckily for systems administrators, Microsoft provides a great tool for this type of log capture within the Sysinternals suite called System Monitor, or Sysmon.
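As an added illustration (not a configuration from the original article), the following minimal Sysmon configuration maps each of the four needs above to the event type that covers it: process creation (Event ID 1, which also records the full command line), network connections with their originating process (Event ID 3), file creation (Event ID 11), and registry changes (Event IDs 12 to 14). The schema version, the excluded agent path and the filtered locations are assumptions chosen for the example; adjust them to the Sysmon build and the noise profile of your own endpoints.

```xml
<Sysmon schemaversion="4.90">
  <!-- Hash algorithm recorded on each Event ID 1 (process create) -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: log every process creation (command line included);
         an "exclude" rule only suppresses a known-noisy system image -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\conhost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Event ID 3: outbound connections tagged with the source process;
         the excluded path is a placeholder for a trusted monitoring agent -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <Image condition="is">C:\Program Files\ExampleAgent\agent.exe</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Event ID 11: file creation in a user-writable staging location -->
    <RuleGroup name="" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="contains">\AppData\Local\Temp\</TargetFilename>
      </FileCreate>
    </RuleGroup>
    <!-- Event IDs 12/13/14: value writes under the common autostart keys -->
    <RuleGroup name="" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
      </RegistryEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Load it with `sysmon64.exe -accepteula -i <file>` (or `-c <file>` to update a running install) and confirm the events arrive under Microsoft-Windows-Sysmon/Operational; note that PowerShell script-block contents are a separate Windows logging feature, so Sysmon shows the launching command line rather than the script body.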