System Monitor (Sysmon) is a Windows system service and device driver that provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.
In this video, Sysmon expert Thomas Garnier provides a closer look at System Monitor, a popular utility from the Microsoft Sysinternals suite, through demos and tips.
Want to learn more about Sysmon? Visit aka.ms/SystemMonitor to download the tool and access technical documentation.
Ready to explore other Sysinternals tools? Check out the rest of the Sysinternals playlist (aka.ms/SysinternalsVideos)!