This is superb work. Read on for info about endpoint data collection using Sysmon.

SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing