InfoSecInnovations / What2Log


Expand on `sysmon` in tools section #2

Open besimorhino opened 2 years ago

besimorhino commented 2 years ago

Please be sure to add a few elements to the sysmon entry in the tools section.

Please include info about how sysmon's configuration is managed by the xml file.

Also point out that the default sysmon config is NOT appropriate for logging (it's more for debug and troubleshooting). I'd like it if you included pointers/suggestions that folks use either the Swift on Security config (as a good getting started set) https://github.com/SwiftOnSecurity/sysmon-config

or use sysmon modular (total fine-grained control over everything) https://github.com/olafhartong/sysmon-modular
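Added example (not from this issue, the What2Log repo, or either linked config project): a minimal Sysmon XML file showing how the configuration is managed through the XML, followed by the commands that install it, apply an edited copy, and dump the configuration currently loaded. Assumed: `sysmon64.exe` is on PATH, the file path under `ProgramData`, and that `schemaversion="4.90"` matches the installed build (confirm with `sysmon64 -s`). The two rule groups are illustrative only; in practice the XML would be replaced by the sysmon-config or sysmon-modular ruleset the comment above recommends.

```powershell
# Added example, not from the issue or the What2Log project.
# Assumptions: Sysmon64.exe on PATH; schemaversion matches the installed
# build (check `sysmon64 -s`); $ConfigPath is an assumed location; the rules
# are illustrative, not a recommended ruleset.

$ConfigPath = "$env:ProgramData\sysmon-config.xml"   # assumed location

@'
<Sysmon schemaversion="4.90">
  <!-- Hash every image Sysmon reports; sha256 is enough for most SIEM lookups -->
  <HashAlgorithms>sha256</HashAlgorithms>

  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <!-- onmatch="include": log ONLY what matches. An include block that
           matches nothing logs nothing for this event type, which is the
           kind of silent gap a hand-written config can introduce. -->
      <ProcessCreate onmatch="include">
        <ParentImage condition="image">winword.exe</ParentImage>
        <ParentImage condition="image">excel.exe</ParentImage>
        <Image condition="image">powershell.exe</Image>
      </ProcessCreate>
    </RuleGroup>

    <RuleGroup name="NetworkConnect" groupRelation="or">
      <!-- onmatch="exclude": log everything EXCEPT what matches.
           With no exclusions, every outbound connection is logged. -->
      <NetworkConnect onmatch="exclude">
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $ConfigPath -Encoding ASCII

# First install: load the driver and apply the XML in one step.
sysmon64.exe -accepteula -i $ConfigPath

# Later edits are applied with -c pointed at the XML; no reinstall needed.
sysmon64.exe -c $ConfigPath

# -c with no file argument prints the configuration the driver is currently
# using: the quickest way to confirm the XML, not the default, is live.
sysmon64.exe -c

# Events land in the Microsoft-Windows-Sysmon/Operational channel.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id
```

The `onmatch` attribute is the part worth understanding before editing any of the linked configs: `include` blocks are allow-lists (only listed matches are logged), `exclude` blocks are deny-lists (everything but listed matches is logged), and the default config shipped with Sysmon filters so aggressively that most event types never reach the log at all, which is why the issue asks that it not be presented as a logging baseline.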

juju4 commented 2 years ago

sysmon-config is not much maintained now. sysmon modular or Neo23x0 fork (https://github.com/Neo23x0/sysmon-config) are preferable.

On sysmon for Linux, the MSTIC team one: https://github.com/microsoft/MSTIC-Sysmon/tree/main/linux/configs