sysmon

There are 14 repositories under sysmon topic.

SigmaHQ / sigma
Main Sigma Rule Repository
security monitoring siem logging signatures elasticsearch splunk ids sysmon
Language:Python 7598
SwiftOnSecurity / sysmon-config
Sysmon configuration file template with default high-quality event tracing
sysmon threatintel threat-hunting sysinternals windows netsec monitoring logging
4564
clong / DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
vagrant vagrantfile packer information-security lab-environment dfir terraform ansible powershell detection detectionlab osquery sysmon dfir-automation
Language:HTML 4502
WindowsSpyBlocker
crazy-max / WindowsSpyBlocker
Block spying and tracking on Windows
windows spy blocker dnscrypt proxifier wireshark qemu sysmon openwrt firewall ncsi hostsfile telemetry
Language:Go 4444
OTRF / ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
threat-hunting sysmon hunting-campaigns hypothesis hunting dfir hunter mitre-attack-db mitre
Language:Python 3860
olafhartong / sysmon-modular
A repository of sysmon configuration modules
sysmon dfir threat-hunting mitre-attack modular security-tools
Language:PowerShell 2485
nshalabi / SysmonTools
Utilities for Sysmon
logging monitoring netsec sysinternals sysmon threat-hunting threat-intelligence threatintel windows
1445
0xrawsec / whids
Open Source EDR for Windows
dfir threat-hunting windows ids sysmon edr
Language:Go 1048
sentinel-attack
netevert / sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
siem threat-hunting azure-sentinel mitre-attack sysmon sysmon-config azure blue-team cybersecurity logging security-tools detection kql workbooks terraform-azure
Language:HCL 1037
MHaggis / sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
sysmon
885
ion-storm / sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
sysmon threatintel threat-hunting netsec sysinternals logging graylog graylog-plugin dfir threat-intelligence threat-sharing threat-analysis mitre-attack digitalforensics forensic-analysis forensicartifacts forensics siem sigma-rules humio
Language:PowerShell 749
wagga40 / Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
sigma python3 evtx sigma-rules detection auditd sysmon pysigma evtxtract forensics forensics-tools
Language:Python 593
Yamato-Security / EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
auditing dfir event forensics hayabusa logs monitoring security sigma sysmon windows
Language:Batchfile 441
JPCERTCC / SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
security kibana elasticsearch sysmon stix stix2
Language:JavaScript 409
RoomaSec / RmEye
戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
edr sysmon threat-hunting
Language:Python 399
wecooperate / iMonitorSDK
系统监控开发套件（sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱）
sysmon defender edr security procmon endpoint-security monitoring-tool etw kernel zero-trust access-control
Language:C++ 320
n0dec / MalwLess
Test Blue Team detections without running any attack.
blueteam dfir mitre-attack sysmon siem redteam powershell hacktoberfest
Language:C# 270
yarox24 / attack_monitor
Endpoint detection & Malware analysis software
security-tools malware-analysis endpoint-security sysmon
Language:Python 222
matterpreter / Shhmon
Neutering Sysmon via driver unload
csharp sysmon evasion
Language:C# 216
ion-storm / sysmon-edr
Sysmon EDR POC Build within Powershell to prove ability.
edr sysmon sysmon-edr
Language:PowerShell 209
AustralianCyberSecurityCentre / windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
windows logging event-log wmi sysmon
Language:PowerShell 205
jymcheong / SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
sysmon threat threat-hunting
Language:Python 94
LaresLLC / SysmonConfigPusher
Pushes Sysmon Configs
sysmon threat-hunting windows siem
Language:C# 91
ine-labs / ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
evtx log-analysis sysmon threat threat-detection threat-intelligence windows
Language:Python 85
ScriptIdiot / SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
cobaltstrike sysmon rdll redteam
Language:C 83
Hestat / ossec-sysmon
A Ruleset to enhance detection capabilities of Ossec using Sysmon
dfir ossec wazuh sysmon
Language:PowerShell 79
huoji120 / DuckSysEye
SysEye是一个window上的基于att&ck现代EDR设计**的威胁响应工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
edr osquery sysmon threat-hunting threat-modeling
62
sametsazak / sysmon
Sysmon and wazuh integration with Sigma sysmon rules [updated]
wazuh sysmon ossec security-tools security sysmon-config wazuh-manager sigma
55
MHaggis / sysmon-splunk-app
Sysmon Splunk App
sysmon splunk
45
MHaggis / app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
sysmon splunk threat
38
olafhartong / TA-Sysmon-deploy
Deploy and maintain Symon through the Splunk Deployment Sever
sysmon splunk-deployment splunk dfir threat-hunting
Language:Batchfile 31
signorrayan / SplunkThreatHunting
This repository contains Splunk queries to hunt some anomalies
anomaly-detection dashboard fortigate splunk suricata sysmon threat-hunting zeek
30
jhochwald / Universal-Winlogbeat-configuration
Universal Winlogbeat configuration
graylog winlogbeat windows windows-10 filebeat windows-server sysmon examples logging siem yml filter universal
27
Kara-4search / PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
bypass sysmon csharp edr redteam pentest ppid avatar
Language:C# 24
ceramicskate0 / SWELF
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
windows eventlog forwarder logging dotnet logs defense logging-agent log-forwarder hunting cybersecurity siem powershell detection windowsevents analytics analysis evtx logging-framework sysmon
Language:C# 23
j91321 / ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.
ansible ansible-role linux monitoring security sysmon windows
Language:Jinja 22

sysmon

SigmaHQ / sigma

SwiftOnSecurity / sysmon-config

clong / DetectionLab

crazy-max / WindowsSpyBlocker

OTRF / ThreatHunter-Playbook

olafhartong / sysmon-modular

nshalabi / SysmonTools

0xrawsec / whids

netevert / sentinel-attack

MHaggis / sysmon-dfir

ion-storm / sysmon-config

wagga40 / Zircolite

Yamato-Security / EnableWindowsLogSettings

JPCERTCC / SysmonSearch

RoomaSec / RmEye

wecooperate / iMonitorSDK

n0dec / MalwLess

yarox24 / attack_monitor

matterpreter / Shhmon

ion-storm / sysmon-edr

AustralianCyberSecurityCentre / windows_event_logging

jymcheong / SysmonResources

LaresLLC / SysmonConfigPusher

ine-labs / ThreatSeeker

ScriptIdiot / SysmonQuiet

Hestat / ossec-sysmon

huoji120 / DuckSysEye

sametsazak / sysmon

MHaggis / sysmon-splunk-app

MHaggis / app_splunk_sysmon_hunter

olafhartong / TA-Sysmon-deploy

signorrayan / SplunkThreatHunting

jhochwald / Universal-Winlogbeat-configuration

Kara-4search / PEB-PPIDspoofing_Csharp

ceramicskate0 / SWELF

j91321 / ansible-role-sysmon