There are 14 repositories under the sysmon topic.
Sysmon configuration file template with default high-quality event tracing
Automate the creation of a lab environment complete with security tooling and logging best practices
Block spying and tracking on Windows
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A repository of sysmon configuration modules
Utilities for Sysmon
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
Documentation and scripts to properly enable Windows event logs.
Investigate suspicious activity by visualizing Sysmon's event log
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet access behavior management, sandbox)
Endpoint detection & Malware analysis software
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Consolidation of various resources related to Microsoft Sysmon & sample data/log
ThreatSeeker: Threat Hunting via Windows Event Logs
RDLL for Cobalt Strike beacon to silence sysmon process
A Ruleset to enhance detection capabilities of Ossec using Sysmon
SysEye is a threat response tool for Windows based on ATT&CK and modern EDR design. It effectively detects common unknown and known threats. A sharp sword for defenders.
Sysmon and wazuh integration with Sigma sysmon rules [updated]
Deploy and maintain Sysmon through the Splunk Deployment Server
This repository contains Splunk queries to hunt some anomalies
Universal Winlogbeat configuration
Command line & PPID spoofing
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Ansible role for installing Sysmon with popular config files included.