sysmon
There are 119 repositories under sysmon topic.
SigmaHQ/sigma
Main Sigma Rule Repository
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
crazy-max/WindowsSpyBlocker
Block spying and tracking on Windows
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
olafhartong/sysmon-modular
A repository of sysmon configuration modules
nshalabi/SysmonTools
Utilities for Sysmon
0xrawsec/whids
Open Source EDR for Windows
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Yamato-Security/EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
RoomaSec/RmEye
RmEye (戎码之眼) is a threat monitoring tool for Windows built on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · A powerful endpoint behaviour collection and defense development kit, intended to help EDR, zero trust, data security, audit and control, and other endpoint security software implement product features quickly, without having to worry about developing, maintaining and keeping compatible the underlying driver, so they can focus on business development.
n0dec/MalwLess
Test Blue Team detections without running any attack.
yarox24/attack_monitor
Endpoint detection & Malware analysis software
matterpreter/Shhmon
Neutering Sysmon via driver unload
ion-storm/sysmon-edr
Sysmon EDR POC built within PowerShell to prove ability.
AustralianCyberSecurityCentre/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
ine-labs/ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
jymcheong/SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs
Hestat/ossec-sysmon
A Ruleset to enhance detection capabilities of Ossec using Sysmon
ScriptIdiot/SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
huoji120/DuckSysEye
SysEye is a threat response tool for Windows built on the ATT&CK model and a modern EDR design. It effectively detects common unknown and known threats. A sharp sword for defenders.
sametsazak/sysmon
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
MHaggis/sysmon-splunk-app
Sysmon Splunk App
MHaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
signorrayan/SplunkThreatHunting
This repository contains Splunk queries to hunt some anomalies
jhochwald/Universal-Winlogbeat-configuration
Universal Winlogbeat configuration
olafhartong/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
Kara-4search/PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
ceramicskate0/SWELF
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
j91321/ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.