#
sysmon
Here are 66 public repositories matching this topic...
Sysmon configuration file template with default high-quality event tracing
-
Updated
Sep 19, 2020
Automate the creation of a lab environment complete with security tooling and logging best practices
ansible
vagrant
packer
powershell
terraform
detection
dfir
vagrantfile
sysmon
osquery
information-security
lab-environment
detectionlab
dfir-automation
-
Updated
Nov 24, 2020 - HTML
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
-
Updated
Nov 30, 2020 - Python
kingk789
commented
Feb 3, 2020
I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks. #
Utilities for Sysmon
windows
monitoring
logging
sysmon
threat-hunting
threatintel
netsec
sysinternals
threat-intelligence
-
Updated
Dec 27, 2019
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
-
Updated
Feb 7, 2020
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure
detection
logging
cybersecurity
sysmon
threat-hunting
siem
security-tools
blue-team
mitre-attack
workbooks
sysmon-config
terraform-azure
kql
azure-sentinel
-
Updated
Nov 6, 2020 - HCL
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
graylog
logging
dfir
sysmon
threat-hunting
threat-sharing
threatintel
netsec
sysinternals
graylog-plugin
threat-analysis
threat-intelligence
mitre-attack
-
Updated
Feb 20, 2019 - Batchfile
Test Blue Team detections without running any attack.
-
Updated
Oct 8, 2020 - C#
Open Source Endpoint Detection System for Windows
-
Updated
Jul 30, 2020 - Go
Endpoint detection & Malware analysis software
-
Updated
Dec 20, 2019 - Python
Signature Engine for Windows Event Logs
-
Updated
Nov 6, 2020 - Go
Consolidation of various resources related to Microsoft Sysmon & sample data/log
-
Updated
Mar 8, 2019 - Python
Deploy and maintain Symon through the Splunk Deployment Sever
-
Updated
Jul 30, 2020 - Batchfile
Sysmon and wazuh integration with Sigma sysmon rules [updated]
-
Updated
Jul 8, 2019
incident response scripts
-
Updated
Mar 4, 2019 - PowerShell
Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
windows
analytics
analysis
dotnet
powershell
detection
logging
logs
cybersecurity
sysmon
siem
hunting
forwarder
defense
eventlog
log-forwarder
evtx
logging-framework
logging-agent
windowsevents
-
Updated
Nov 19, 2020 - C#
A PowerShell script to prevent Sysmon from writing its events
-
Updated
Apr 23, 2020 - PowerShell
System Processes Correlation Engine
-
Updated
Nov 25, 2020 - Python
-
Updated
Nov 4, 2018 - PowerShell
Improve this page
Add a description, image, and links to the sysmon topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sysmon topic, visit your repo's landing page and select "manage topics."
The generic Windows audit log config lacks many event ids, e.g.