Sysmon homepage
Sysmon - Windows Sysinternals
Monitors and reports key system activity via the Windows event log.
docs.microsoft.com
Sysmon configuration sample
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing - SwiftOnSecurity/sysmon-config
github.com
System detection approach using Sysinternals System Monitor (Sysmon)