sysmon
There are 155 repositories under the sysmon topic.
SigmaHQ/sigma
Main Sigma Rule Repository
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
crazy-max/WindowsSpyBlocker
Block spying and tracking on Windows
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
olafhartong/sysmon-modular
A repository of sysmon configuration modules
nshalabi/SysmonTools
Utilities for Sysmon
0xrawsec/whids
Open Source EDR for Windows
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Yamato-Security/EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
RoomaSec/RmEye
RmEye (戎码之眼) is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · A powerful endpoint behaviour collection and defense development kit, designed to help endpoint security software such as EDR, zero trust, data security and audit control products implement their features quickly without worrying about the development, maintenance and compatibility of underlying drivers, so they can focus on business logic.
n0dec/MalwLess
Test Blue Team detections without running any attack.
matterpreter/Shhmon
Neutering Sysmon via driver unload
yarox24/attack_monitor
Endpoint detection & Malware analysis software
AustralianCyberSecurityCentre/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
ion-storm/sysmon-edr
Sysmon EDR POC built in PowerShell to demonstrate the capability.
ine-labs/ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
jymcheong/SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
0xrajneesh/Log-Analysis-Projects-for-Beginners
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
Hestat/ossec-sysmon
A ruleset to enhance the detection capabilities of OSSEC using Sysmon
ScriptIdiot/SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs
sametsazak/sysmon
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
huoji120/DuckSysEye
SysEye is a threat response tool for Windows based on the ATT&CK model and modern EDR design. It effectively detects common unknown and known threats. A sharp sword for defenders.
MHaggis/sysmon-splunk-app
Sysmon Splunk App
signorrayan/Splunk-Threat-Hunting
This repository contains Splunk queries to hunt for some anomalies
MHaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
bobby-tablez/Enable-All-The-Logs
This script enhances endpoint logging telemetry for advanced malware threat detection, building detections, or malware analysis. It can be used in production; however, you may want to tune the GPO edits as needed.
jhochwald/Universal-Winlogbeat-configuration
Universal Winlogbeat configuration
olafhartong/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
Kara-4search/PEB-PPIDspoofing_Csharp
Command line & PPID spoofing