Installing and using Sysmon

Microsoft documentation: Sysmon – Sysinternals | Microsoft Learn
Logs location: C:\Windows\System32\winevt\Logs
config.xml file from SwiftOnSecurity: GitHub – SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
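Putting the pieces above together, an added PowerShell example (not code from the page, from Microsoft or from the SwiftOnSecurity repo): it installs Sysmon with the SwiftOnSecurity config and then reads process-creation events back out of the Sysmon log. The C:\Tools paths are assumed download locations; everything else is the documented Sysmon command line and event channel.

```powershell
# Added example. Assumes Sysmon64.exe and the SwiftOnSecurity config were downloaded
# to C:\Tools (hypothetical path). Run from an elevated PowerShell prompt.
$SysmonExe = 'C:\Tools\Sysmon64.exe'
$Config    = 'C:\Tools\sysmonconfig-export.xml'   # file name as published in the repo

# Install the driver and service, accept the EULA non-interactively, apply the config.
& $SysmonExe -accepteula -i $Config

# Later config changes are applied in place without reinstalling:
# & $SysmonExe -c $Config

# The service name follows the executable name (Sysmon64 for the 64-bit binary).
Get-Service Sysmon64 | Select-Object Name, Status

# Sysmon writes to the Microsoft-Windows-Sysmon/Operational channel, stored on disk as
# C:\Windows\System32\winevt\Logs\Microsoft-Windows-Sysmon%4Operational.evtx
# Pull the 20 most recent process-creation events (Event ID 1) and show parent/child
# images with their command lines, which is the first thing to sanity-check after install.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 20 |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Image       = $d['Image']
            CommandLine = $d['CommandLine']
            ParentImage = $d['ParentImage']
        }
    } | Format-Table -AutoSize -Wrap
```

If the query returns nothing, check that the config's ProcessCreate rules are not excluding everything you expect to see before assuming the install failed.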