Sysmon is a Windows system monitoring tool that runs as a service and logs detailed system activity to the Windows Event Log. It records events such as process creation, network connections, and changes to file creation timestamps. Sysmon can capture hashes of executable files for integrity verification and forensic purposes. Security teams leverage Sysmon to build enhanced logs that improve the detection of suspicious activity and malware behavior. It is commonly integrated with SIEM solutions to enable real-time monitoring, alerting, and incident response.
Details
Deployment mode: Desktop Windows; On-premise Linux
Training and support
Free trial available: No
Available trainings: No