Sysmon

System Monitor — a free Sysinternals/Microsoft tool that augments the event log with telemetry the base OS doesn't capture in usable form: full process command lines (event 1), network connections (3), DLL loads (7), file creates (11), registry value sets (13), DNS queries (22). Requires a config file; SwiftOnSecurity's and Olaf Hartong's are the canonical references.