Microsoft Sysinternals tool that adds high-fidelity event logging to Windows.
System Monitor (Sysmon) is a Windows system service that logs detailed information about process creation, network connections, file changes, image loads and other forensically interesting events to the Windows Event Log. It produces signal that the default Windows Security log does not.
Detection engineers ship Sysmon configurations (e.g., the SwiftOnSecurity baseline) to give SIEM rules richer process and network telemetry. CloudSigma's Windows endpoint rules target either the Windows Security channel or the Sysmon channel depending on the technique.
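The difference between the two channels shows up when a process-creation event from each is mapped onto one record. The following is an added example, not code from Sysmon or from any rule set named above; the common field names and both sample events are constructed, and it assumes a Security event 4688 logged without command-line auditing enabled.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
COMMON_FIELDS = ("image", "command_line", "parent_image", "parent_command_line", "hashes")
# (channel, event ID) -> {common field (hypothetical name): EventData field name}
FIELD_MAP = {
    ("Security", 4688): {"image": "NewProcessName", "command_line": "CommandLine",
                         "parent_image": "ParentProcessName"},
    ("Microsoft-Windows-Sysmon/Operational", 1): {
        "image": "Image", "command_line": "CommandLine", "parent_image": "ParentImage",
        "parent_command_line": "ParentCommandLine", "hashes": "Hashes"},
}

def normalize(event_xml):
    """Map a process-creation event from either channel to one common record."""
    root = ET.fromstring(event_xml)
    channel = root.findtext("e:System/e:Channel", namespaces=NS)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    mapping = FIELD_MAP.get((channel, event_id))
    if mapping is None:
        raise ValueError(f"not a process-creation event: {channel} {event_id}")
    data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    record = {"channel": channel}
    for field in COMMON_FIELDS:
        src = mapping.get(field)
        # A field the channel does not carry, or carries empty, becomes None.
        record[field] = (data.get(src) or None) if src else None
    return record

def missing_fields(record):
    """Common fields a rule cannot rely on for this event."""
    return [f for f in COMMON_FIELDS if record[f] is None]

def _sample(channel, event_id, fields):
    """Build a constructed event in the Windows Event Log XML layout."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"<Channel>{channel}</Channel></System><EventData>{data}</EventData></Event>")

# Constructed sample events, not captured from a real host.
SECURITY_4688 = _sample("Security", 4688, {
    "NewProcessName": r"C:\Windows\System32\whoami.exe", "CommandLine": "",
    "ParentProcessName": r"C:\Windows\System32\cmd.exe"})
SYSMON_1 = _sample("Microsoft-Windows-Sysmon/Operational", 1, {
    "Image": r"C:\Windows\System32\whoami.exe", "CommandLine": "whoami",
    "ParentImage": r"C:\Windows\System32\cmd.exe",
    "ParentCommandLine": "cmd.exe /c whoami", "Hashes": "SHA256=CONSTRUCTED_PLACEHOLDER"})
```

A rule that keys on the parent command line or on a file hash can only be written against the Sysmon record here; one that needs just the image and parent image works on either channel.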