Resources
Welcome to my random collection of helpful tools and resources. Enjoy!
Telemetry, logging and EDR
Sysmon is part of Microsoft's Sysinternals suite and probably the best free tool you can use to improve visibility in your Windows environment. Did I mention it's free? Sysmon does require a configuration file to be useful (which event types to log, and which events to include or exclude), but there are good configs out there (see below).
Olaf Hartong's Modular Sysmon Config is an incredible configuration that uses many different include/exclude conditions, split into one file per event type, and names its rules with useful metadata (such as the MITRE ATT&CK technique the rule relates to) so that the information lands in each logged event. Consider adopting it, or use it as a reference when developing your own config.
SwiftOnSecurity's sysmon-config is a great base config to start from. It has not been updated in quite some time, but it is a decent starting point if you are looking for something a little more basic.
One of my favorite resources for learning about Sysmon is the Sysmon Community Guide by TrustedSec.
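To make the include/exclude idea above concrete, here is an added example of a minimal Sysmon config plus the install, update and verification steps. It is not code from this page or from any of the configs linked above (both of those are far more complete). The paths (`C:\Tools\Sysmon64.exe`, `C:\Tools\sysmon-minimal.xml`), the schema version and the specific rules are assumptions chosen for illustration; the only things the example relies on are Sysmon's own command-line switches (`-i`, `-c`, `-s`, `-accepteula`) and its rule syntax (`onmatch="include"` / `onmatch="exclude"` with `condition` attributes).

```powershell
# Added example (not the page's or the linked configs' code). Assumes Sysmon64.exe and
# the config live under C:\Tools; adjust for your environment.
$sysmon = 'C:\Tools\Sysmon64.exe'
$cfg    = 'C:\Tools\sysmon-minimal.xml'

# schemaversion must match the installed Sysmon binary. Print the binary's schema with:
#   & $sysmon -s
# Rule semantics: onmatch="exclude" logs EVERYTHING of that event type except what the
# rules match; onmatch="include" logs NOTHING except what the rules match.
@'
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256,IMPHASH</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1 (ProcessCreate): log all process starts, minus a narrow, noisy exclusion.
         Every exclusion is a blind spot, so match on the full path, not just the file name. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Program Files\Windows Defender\MsMpEng.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3 (NetworkConnect): log only connections from commonly abused LOLBins,
         or to an example port; groupRelation="or" means any single rule is enough. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">\powershell.exe</Image>
        <Image condition="end with">\mshta.exe</Image>
        <Image condition="end with">\rundll32.exe</Image>
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
    </RuleGroup>

    <!-- Event ID 11 (FileCreate): log only files written by Office applications. -->
    <RuleGroup name="" groupRelation="or">
      <FileCreate onmatch="include">
        <Image condition="end with">\winword.exe</Image>
        <Image condition="end with">\excel.exe</Image>
      </FileCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $cfg -Encoding UTF8

# First install needs -i (and -accepteula for unattended use); after that -c reloads
# a new config into the running service without reinstalling.
if (-not (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue)) {
    & $sysmon -accepteula -i $cfg
} else {
    & $sysmon -c $cfg
}

# Check 1: which config is actually loaded? (-c with no file dumps the active rules;
# a malformed file is rejected and the previous config stays in place)
& $sysmon -c

# Check 2: are events arriving? Pull the last five process-creation events and show the
# fields you would hunt on. The property walk assumes the standard Windows event XML layout.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 5 |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        $data | Where-Object Name -in 'Image', 'CommandLine', 'ParentImage' |
            ForEach-Object { '{0}: {1}' -f $_.Name, $_.'#text' }
        '---'
    }
```

Two practical notes. Run the verification step every time you push a config change: an include-only rule group that matches nothing silently produces no events, which looks exactly like a working config until you need the data. And when you borrow exclusions from the configs above, prefer exact-path `is` matches over `end with` on a bare file name, since an attacker can name a dropped binary whatever they like.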