Sysmon has been a game changer for many organizations, allowing their teams to fine-tune their detection of malicious activity when it is combined with tools that aggregate and correlate events.
A new version of Sysmon was recently released. Version 6.20 fixes bugs and adds new features. Some of the noteworthy changes for me are:
* Enhancements to WMI logging.
* Ability to change driver name.
* Ability to change service name and service executable name.