Windows Event Collector Sysmon Installation

System Monitor (Sysmon) is a Windows system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows Event Log. It provides detailed information about process creations, network connections, and changes to file creation time. Sysmon is a free Windows Sysinternals tool from Microsoft.

Installation of Sysmon is optional, but highly recommended.

To install Sysmon:

  1. Download the Sysmon ZIP file and unzip it on the target system.

  2. Download the Sysmon configuration file to a folder and name the file sysmon_config.xml.

  3. Install Sysmon by running the following command from an elevated command prompt in the folder that contains sysmon.exe and sysmon_config.xml:

    sysmon.exe -accepteula -h md5 -n -l -i sysmon_config.xml

    Sysmon starts logging the information to the Windows Event Log.

  4. Open USM Anywhere and verify that you are receiving Sysmon events.
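The following PowerShell script is an added example, not part of the USM Anywhere documentation: it runs the installation command from step 3 and then confirms on the host itself that the Sysmon service and driver are running and that events are reaching the Sysmon event log, before you check the USM Anywhere side in step 4. It assumes the unzipped files are in C:\Tools\Sysmon (a hypothetical path).

```powershell
# Added example (not from the USM Anywhere page): install Sysmon and verify locally.
# Assumption: sysmon.exe and sysmon_config.xml were unzipped into $SysmonDir.
$SysmonDir = 'C:\Tools\Sysmon'                      # hypothetical location
$Exe       = Join-Path $SysmonDir 'sysmon.exe'
$Config    = Join-Path $SysmonDir 'sysmon_config.xml'

# Sysmon installs a kernel driver, so check the Authenticode signature before installing.
$sig = Get-AuthenticodeSignature -FilePath $Exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Refusing to install: unexpected signature on $Exe ($($sig.Status))"
}

# Step 3 from the page: install service and driver with the configuration file.
# Must run from an elevated session.
& $Exe -accepteula -h md5 -n -l -i $Config

# The user-mode service (Sysmon) and the driver (SysmonDrv) should both be Running.
Get-Service -Name Sysmon, SysmonDrv -ErrorAction Stop | Format-Table Name, Status -AutoSize

# Trigger a process-creation event (Sysmon Event ID 1) so the log is not empty,
# then read back the newest entries. Which events appear depends on the filters
# in sysmon_config.xml.
Start-Process -FilePath 'whoami.exe' -NoNewWindow -Wait
$events = Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 10 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No Sysmon events found yet; check the configuration filters and the service state.'
} else {
    $events | Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
}
```

If events appear here but not in USM Anywhere, the problem is on the collection path (sensor or Windows Event Collector subscription), not in Sysmon itself.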