# sysmon
Here are 62 public repositories matching this topic...
Sysmon configuration file template with default high-quality event tracing
-
Updated
Sep 19, 2020
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
-
Updated
Sep 17, 2020 - Python
Automate the creation of a lab environment complete with security tooling and logging best practices
ansible
vagrant
packer
powershell
terraform
detection
dfir
vagrantfile
sysmon
osquery
information-security
lab-environment
detectionlab
dfir-automation
-
Updated
Sep 22, 2020 - HTML
kingk789
commented
Feb 3, 2020
I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks.
Utilities for Sysmon
windows
monitoring
logging
sysmon
threat-hunting
threatintel
netsec
sysinternals
threat-intelligence
-
Updated
Dec 27, 2019
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
-
Updated
Feb 7, 2020
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure
detection
logging
cybersecurity
sysmon
threat-hunting
siem
security-tools
blue-team
mitre-attack
workbooks
sysmon-config
terraform-azure
kql
azure-sentinel
-
Updated
Aug 28, 2020 - HCL
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
graylog
logging
dfir
sysmon
threat-hunting
threat-sharing
threatintel
netsec
sysinternals
graylog-plugin
threat-analysis
threat-intelligence
mitre-attack
-
Updated
Feb 20, 2019 - Batchfile
Test Blue Team detections without running any attack.
-
Updated
Apr 29, 2020 - C#
Open Source Endpoint Detection System for Windows
-
Updated
Jul 30, 2020 - Go
Endpoint detection & Malware analysis software
-
Updated
Dec 20, 2019 - Python
Signature Engine for Windows Event Logs
-
Updated
Jul 10, 2020 - Go
Consolidation of various resources related to Microsoft Sysmon & sample data/log
-
Updated
Mar 8, 2019 - Python
Deploy and maintain Sysmon through the Splunk Deployment Server
-
Updated
Jul 30, 2020 - Batchfile
incident response scripts
-
Updated
Mar 4, 2019 - PowerShell
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
-
Updated
Jul 8, 2019
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release at https://github.com/ceramicskate0/SWELF/releases/latest.
windows
analytics
analysis
dotnet
powershell
detection
logging
logs
cybersecurity
sysmon
siem
hunting
forwarder
defense
eventlog
log-forwarder
evtx
logging-framework
logging-agent
windowsevents
-
Updated
Jun 19, 2020 - C#
A PowerShell script to prevent Sysmon from writing its events
-
Updated
Apr 23, 2020 - PowerShell
-
Updated
Nov 4, 2018 - PowerShell
Burnham Forensics ELK Deployment Files
-
Updated
Apr 20, 2019
Someone should map publicly available EVTX samples to Sigma rules. This would enable us to automatically test the correctness of generated queries.
Known security-related EVTX repositories:
Feel free to extend the list.
Mapping should be:
Sigma rule -> Repository/EVTX ( -> expected matched