sysmon
There are 112 repositories under the sysmon topic.
SigmaHQ/sigma
Main Sigma Rule Repository
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
crazy-max/WindowsSpyBlocker
Block spying and tracking on Windows
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
olafhartong/sysmon-modular
A repository of sysmon configuration modules
nshalabi/SysmonTools
Utilities for Sysmon
0xrawsec/whids
Open Source EDR for Windows
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Yamato-Security/EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
RoomaSec/RmEye
RmEye (戎码之眼) is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
wecooperate/iMonitorSDK
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet behavior management, sandbox)
n0dec/MalwLess
Test Blue Team detections without running any attack.
yarox24/attack_monitor
Endpoint detection & Malware analysis software
matterpreter/Shhmon
Neutering Sysmon via driver unload
ion-storm/sysmon-edr
Sysmon EDR POC built in PowerShell to prove feasibility.
AustralianCyberSecurityCentre/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
jymcheong/SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs
ine-labs/ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
ScriptIdiot/SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
Hestat/ossec-sysmon
A Ruleset to enhance detection capabilities of Ossec using Sysmon
huoji120/DuckSysEye
SysEye is a threat response tool for Windows based on the ATT&CK model and modern EDR design. It effectively detects common unknown and known threats. A sharp sword for defenders.
sametsazak/sysmon
Sysmon and wazuh integration with Sigma sysmon rules [updated]
MHaggis/sysmon-splunk-app
Sysmon Splunk App
MHaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
signorrayan/SplunkThreatHunting
This repository contains Splunk queries to hunt for anomalies.
olafhartong/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
jhochwald/Universal-Winlogbeat-configuration
Universal Winlogbeat configuration
Kara-4search/PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
ceramicskate0/SWELF
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release at https://github.com/ceramicskate0/SWELF/releases/latest.
j91321/ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.