- [sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon)
- [sysmon config](https://github.com/olafhartong/sysmon-modular)
- [inputs for splunk](https://github.com/mdecrevoisier/Splunk-input-windows-baseline/blob/main/splunk-windows-input/win_input.conf)
- [splunk universal forwarder](https://www.splunk.com/en_us/download/universal-forwarder.html)
- [elastic agent](https://www.elastic.co/downloads/elastic-agent)

## Event Logs

- process tracking (enables command-line logging)
- enable WMI logging
- enable PowerShell remoting
- [Audit Policy](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)
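A PowerShell script, added here as an example rather than part of the original notes, that applies the Event Logs checklist above on a single host; the audit subcategory and registry paths are the documented Microsoft ones, and Security 4688 and PowerShell 4104/4103 are the events these settings produce.

```powershell
# Added example (not from the original notes). Run in an elevated PowerShell.
# On domain-joined hosts these same settings belong in a GPO rather than
# local registry edits, so they are not silently reverted by policy refresh.

# 1. Process tracking: audit process creation (Security event 4688) and
#    include the full command line in each event.
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 2. WMI: ensure the WMI-Activity operational log is enabled so permanent
#    event consumer registrations (event 5861) are recorded.
wevtutil sl Microsoft-Windows-WMI-Activity/Operational /e:true

# 3. PowerShell: script block logging (event 4104) and module logging (4103)
#    so remoting sessions leave a record of what was actually executed.
$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
New-Item -Path "$psPolicy\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ScriptBlockLogging" -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
New-Item -Path "$psPolicy\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ModuleLogging" -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path "$psPolicy\ModuleLogging\ModuleNames" -Name '*' -Value '*'

# 4. PowerShell remoting: starts WinRM, creates the listener and firewall rule.
Enable-PSRemoting -Force

# Verify: confirm the audit setting took effect, then show the command line
# carried by the three most recent 4688 events (empty before step 1 applied).
auditpol /get /subcategory:"Process Creation"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 3 |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
    }
```

Point the Splunk or Elastic inputs listed above at the Security, Microsoft-Windows-PowerShell/Operational and Microsoft-Windows-WMI-Activity/Operational channels, or none of these events leave the host.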