System Monitor (Sysmon) is a Windows system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about:
process creations
network connections
changes to file creation time
Sysmon writes its events to a dedicated event log channel, Microsoft-Windows-Sysmon/Operational, which Event Viewer shows under Applications and Services Logs/Microsoft/Windows/Sysmon/Operational. Each activity type above maps to its own event ID in that channel: process creation is Event ID 1, a change to a file's creation time is Event ID 2, and a network connection is Event ID 3.
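The following PowerShell is an added example, not code from the original page or from Sysmon itself. It reads the three event types listed above back out of the Operational channel and projects the fields an analyst looks at first. It assumes Sysmon is installed and that the shell is running elevated, since reading this channel requires it; the function name Get-SysmonEvents and the MaxEvents parameter are this example's own.

```powershell
# Added example (not from the original page): pull Sysmon process-create,
# file-creation-time and network-connect events out of the Operational
# channel and flatten each one into a small object.
# Assumes Sysmon is installed and the shell is elevated.

$Channel = 'Microsoft-Windows-Sysmon/Operational'

# Event IDs that correspond to the three activity types described above.
$WantedIds = @{
    1 = 'ProcessCreate'
    2 = 'FileCreateTime'
    3 = 'NetworkConnect'
}

function Get-SysmonEvents {
    param(
        [int]$MaxEvents = 50   # hypothetical parameter; caps how many records to read
    )

    # A FilterHashtable lets the event log service filter by channel and ID
    # server-side instead of scanning every record in the channel.
    Get-WinEvent -FilterHashtable @{
        LogName = $Channel
        Id      = @($WantedIds.Keys)
    } -MaxEvents $MaxEvents -ErrorAction Stop | ForEach-Object {

        # Sysmon stores its fields as <Data Name="...">value</Data> elements
        # under EventData; collect them into a hashtable keyed by Name.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $id = [int]$_.Id
        [pscustomobject]@{
            UtcTime = $data['UtcTime']
            Type    = $WantedIds[$id]
            Image   = $data['Image']
            # The field set differs per event type, so pick the detail that
            # matters for each: command line, timestamp change, or destination.
            Detail  = switch ($id) {
                1 { $data['CommandLine'] }
                2 { "$($data['TargetFilename']) now=$($data['CreationUtcTime']) was=$($data['PreviousCreationUtcTime'])" }
                3 { "$($data['DestinationIp']):$($data['DestinationPort']) ($($data['Protocol']))" }
            }
        }
    }
}

# Usage: show the 20 most recent matching events.
Get-SysmonEvents -MaxEvents 20 | Format-Table -AutoSize
```

If Sysmon is not installed, Get-WinEvent throws because the channel does not exist; if the shell is not elevated, it throws an access-denied error for the same channel. Event ID 2 is worth watching specifically because timestomping a dropped file is a common way to make it blend in with legitimate system files, and the PreviousCreationUtcTime field shows what the timestamp was before the change.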