This article explains how to install and configure Sysmon. Sysmon is a service and device driver, that once installed on a system, logs indicators that can greatly help track malicious activity in addition to help with general troubleshooting. It is a part of popular set of troubleshooting tools called Sysinternals, the creation of none other than Mark Russonivich, Microsoft’s CTO of Azure.
...
- Download both Sysmon and the Sysmon configuration. The configuration is a locally hosted xml file.
- Extract Sysmon to a directory and place the configuration.xml in the same directory.
- Open Windows command prompt in 'Run as Administrator' mode and navigate to the sysmon directory.
- Use the following command to install and enable the sysmon service. - .\Sysmon.exe -i .\config_v14.xml -accepteula
Wait for Install to finish.
...