# Links
- [Sysmon: How To Setup, Configure, and Analyze the System Monitor’s Events | by Syed Hasan | Medium](https://syedhasan010.medium.com/sysmon-how-to-setup-configure-and-analyze-the-system-monitors-events-930e9add78d)
- [Download, Install, and Configure Sysmon for Windows | Blumira](https://www.blumira.com/enable-sysmon/)
- [Sysmon - Sysinternals | Microsoft Learn](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon)
# Troubleshooting and Logging in Windows
## What are Event IDs? Where are they from? Why are they important?
- [Event Identifiers (Event Logging) - Win32 apps | Microsoft Learn](https://learn.microsoft.com/en-us/windows/win32/eventlog/event-identifiers)
- [Appendix L - Events to Monitor | Microsoft Learn](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor)
# Setting Up and Using Sysmon
- Pasted the config XML file (chose the default) from sysmon-modular
- [olafhartong/sysmon-modular: A repository of sysmon configuration modules](https://github.com/olafhartong/sysmon-modular)
- Created config.xml file in Sysinternals folder
- Ran commands
- https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#examples
- Make sure to do this as admin
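
The steps above as one elevated PowerShell session. This is an added example, not taken from these notes or the linked pages; it assumes `Sysmon64.exe` and `config.xml` both sit in `C:\Sysinternals` (a hypothetical path, adjust to your folder).

```powershell
# Added example. Assumed layout: C:\Sysinternals\Sysmon64.exe and config.xml.
$ErrorActionPreference = 'Stop'
$SysmonDir = 'C:\Sysinternals'                 # assumed folder, change as needed
$Sysmon    = Join-Path $SysmonDir 'Sysmon64.exe'
$Config    = Join-Path $SysmonDir 'config.xml'

# Installing the Sysmon driver and service needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell session.'
}

# Catch a bad paste early: the file must be well-formed XML with a <Sysmon> root.
[xml]$doc = Get-Content -LiteralPath $Config -Raw
if ($doc.DocumentElement.Name -ne 'Sysmon') {
    throw "Unexpected root element <$($doc.DocumentElement.Name)> in $Config"
}

# First run installs with the config (-i); later runs only reload it (-c).
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $Sysmon -c $Config
} else {
    & $Sysmon -accepteula -i $Config
}
if ($LASTEXITCODE -ne 0) { throw "Sysmon exited with code $LASTEXITCODE" }

# Print the configuration the running service actually loaded.
& $Sysmon -c

# Confirm events are arriving, summarised by Event ID.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 200 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'EventId'; Expression = { $_.Name } }
```
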
# Sysmon Use Cases, Can AV Replace It?