My take -
@SwiftOnSecurity released a config file for Sysmon to help cut through the clutter. There is a steep learning curve with Sysmon, so I wouldn’t recommend blindly applying this, but it definitely is a good starting point. I’ve also included a link below to Lennart Koopmann’s take on the config, which explains it a little more.
From the article:
“sysmon-config | A Sysmon configuration file for everybody to fork
This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing. The file provided should function as a great starting point for system change monitoring in a self-contained package. This configuration and results should give you a good idea of what’s possible for Sysmon.”
Original Article - SwiftOnSecurity sysmon-config
Related Article - Lennart Koopmann on Medium.com