microsoft/sysmon

Vendor: Microsoft Corporation
Author: CrowdStrike
Version: 1.1.1
Minimum LogScale Version: 1.142.0
Use Cases: ITOps, SecOps

Monitor system changes and set up alerts for anomalous events by ingesting Microsoft Sysmon logs into LogScale.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed, remains resident across system reboots to monitor system activity and log it to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. Sysmon logs provide a more detailed view of system activity than users can get from the endpoint sensor alone, including process creation and termination, network connections, file creation, and more.

This package provides a parser for Sysmon events in JSON format.