We have created a set of queries for sysmon log files that will process each of the event types that sysmon records – there are 15 different events at the time of writing. You can download these queries from Nettitude's GitHub account. LogParser Studio will allow you to open each query in a separate tab; you can switch tabs according to your investigative needs.
Sample LogParser SQL query
Download Microsoft Logparser Query Files
We will update these as more events become available.
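As an added illustration of the kind of query these files contain (this is not one of the Nettitude query files), the following LogParser 2.2 query pulls process-creation events (Sysmon Event ID 1) out of a saved sysmon log using LogParser's EVT input format. The log path and the order of fields inside the EVT `Strings` column are assumptions: the field order changes between sysmon versions, so check it with a plain `SELECT Strings` before relying on the token indices.

```sql
/* Added example, not part of the Nettitude query set.
   Assumptions:
   - the sysmon log was exported to C:\logs\sysmon.evtx (placeholder path)
   - LogParser is run with the EVT input format, e.g.
       LogParser.exe -i:EVT -o:CSV file:sysmon-eid1.sql
     or the query is pasted into a LogParser Studio tab with EVT selected
   - the EVT Strings field for Event ID 1 is '|'-separated in this order:
       0 UtcTime, 1 ProcessGuid, 2 ProcessId, 3 Image, 4 CommandLine,
       5 CurrentDirectory, 6 User, 7 LogonGuid, 8 LogonId,
       9 TerminalSessionId, 10 IntegrityLevel, 11 Hashes,
       12 ParentProcessGuid, 13 ParentProcessId, 14 ParentImage,
       15 ParentCommandLine
     Verify with:  SELECT TOP 1 Strings FROM 'C:\logs\sysmon.evtx' WHERE EventID = 1
*/
SELECT
    TimeGenerated                        AS EventTime,
    ComputerName,
    EXTRACT_TOKEN(Strings, 3, '|')       AS Image,
    EXTRACT_TOKEN(Strings, 4, '|')       AS CommandLine,
    EXTRACT_TOKEN(Strings, 6, '|')       AS UserName,
    EXTRACT_TOKEN(Strings, 11, '|')      AS Hashes,
    EXTRACT_TOKEN(Strings, 14, '|')      AS ParentImage
FROM 'C:\logs\sysmon.evtx'
WHERE SourceName = 'Microsoft-Windows-Sysmon'
  AND EventID = 1
  /* Triage filter: processes spawned by Office applications or a script
     host, which is how document-borne malware commonly starts. Remove or
     widen this clause to list every process creation in the log. */
  AND (EXTRACT_TOKEN(Strings, 14, '|') LIKE '%\winword.exe'
       OR EXTRACT_TOKEN(Strings, 14, '|') LIKE '%\excel.exe'
       OR EXTRACT_TOKEN(Strings, 14, '|') LIKE '%\powerpnt.exe'
       OR EXTRACT_TOKEN(Strings, 14, '|') LIKE '%\wscript.exe'
       OR EXTRACT_TOKEN(Strings, 14, '|') LIKE '%\cscript.exe')
ORDER BY EventTime DESC
```

The same pattern (filter on `EventID`, split `Strings` with `EXTRACT_TOKEN`) carries over to the other sysmon event types; only the token positions differ per event.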