Sysmon Framework is a set of rules and dashboards for visualization of multiple security checks on Sysmon’s events on Windows hosts. Sysmon is a de-facto standard to extend Microsoft Windows audit which allows to detect anomalies, suspicious events on Windows hosts, gather SHA-256 hashes from every running executable etc. Further analysis is needed to check if they are caused by malware, user's data leakage intentions or other reasons. Sysmon Framework contains 26 scenarios which are recommended for monitoring in SOC and early detection of APT activity.