Sysmon (System Monitor) is a free Windows tool from Microsoft Sysinternals that logs detailed information about process creation, network connections, file changes, and registry access. Logs can be forwarded to a SIEM for correlation. You configure Sysmon via an XML file that defines which events are captured. In threat hunting and incident response, Sysmon provides valuable telemetry. In an ISMS, Sysmon is an endpoint-logging control that complements EDR solutions with additional visibility.
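A configuration file of the kind described above, covering the four telemetry types the paragraph names. This is an added example, not a Microsoft-published or vetted baseline: the rule names, the filter values and the `schemaversion` are constructed assumptions and need tuning for a real environment.

```xml
<!-- Added example: constructed rules for illustration, not a vetted baseline. -->
<Sysmon schemaversion="4.90"> <!-- assumed value; use the version printed by "sysmon -s" -->
  <!-- Hash recorded for process images, useful for SIEM correlation. -->
  <HashAlgorithms>SHA256</HashAlgorithms>
  <EventFiltering>

    <!-- Process creation (Event ID 1). onmatch="exclude" logs everything
         except the listed matches, so new binaries are captured by default. -->
    <RuleGroup name="ProcessCreation" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <!-- Constructed noise exclusion; full path match, not just file name. -->
        <Image condition="is">C:\Windows\System32\SearchIndexer.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <!-- Network connections (Event ID 3). onmatch="include" logs only matches;
         an include block with no rules would log nothing for this event type. -->
    <RuleGroup name="NetworkConnections" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <DestinationPort condition="is">3389</DestinationPort>
      </NetworkConnect>
    </RuleGroup>

    <!-- File creation (Event ID 11): startup folder writes and new scripts. -->
    <RuleGroup name="FileCreation" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
      </FileCreate>
    </RuleGroup>

    <!-- Registry activity (Event IDs 12 to 14): autorun keys. -->
    <RuleGroup name="RegistryChanges" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
      </RegistryEvent>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Sysmon loads such a file at install time with `-i <file>` and replaces the active configuration with `-c <file>`.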