Microsoft offers tools to enhance both on-premises and cloud logging. Sysmon is a Windows system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation times. ... been downloaded and unzipped to the default default for the default version of System Monitor. For more information on System Monitor (Sysmon) or Azure Sentinel, see the end of this article.

