sysmon
Here are 75 public repositories matching this topic...
Sysmon configuration file template with default high-quality event tracing
Updated Oct 18, 2021
Automate the creation of a lab environment complete with security tooling and logging best practices
ansible
vagrant
packer
powershell
terraform
detection
dfir
vagrantfile
sysmon
osquery
information-security
lab-environment
detectionlab
dfir-automation
Updated Nov 9, 2021 - HTML
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Updated May 22, 2021 - Python
kingk789 commented Feb 3, 2020:
I was wondering about the benefit of using Modular File Management vs Single Config File Management. Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks.
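The question above concerns the modular approach to Sysmon configuration: one rule fragment per technique, compiled into the single XML file that Sysmon actually loads. A compile step is needed because Sysmon accepts at most one include and one exclude filter per event type, so fragments cannot simply be concatenated; their rules have to be gathered into one filter per (event type, onmatch) pair. The Python below is an added illustration of that merge, not code from this page or from any of the listed projects (it is not sysmon-modular's own Merge-SysmonXml). The three fragments, their rules and the schema version 4.30 are constructed assumptions.

```python
"""Merge modular Sysmon rule fragments into one Sysmon configuration.

Sysmon allows one <EventType onmatch="include"> and one
<EventType onmatch="exclude"> block per event type, so per-technique
fragment files cannot be concatenated as-is: every rule has to be moved
into a single filter for its (event type, onmatch) pair.
"""
import xml.etree.ElementTree as ET
from collections import OrderedDict

# Constructed sample fragments (assumption: not real sysmon-modular files).
FRAGMENTS = [
    """<Sysmon schemaversion="4.30">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <CommandLine condition="contains">-enc</CommandLine>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>""",
    """<Sysmon schemaversion="4.30">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="end with">\\mshta.exe</Image>
      </ProcessCreate>
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\\Windows\\System32\\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>""",
    """<Sysmon schemaversion="4.30">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>""",
]


def merge_sysmon_fragments(fragments, schemaversion="4.30"):
    """Return one Sysmon config (as a string) combining all fragments.

    Rules are bucketed by (event type, onmatch); each bucket becomes one
    RuleGroup with groupRelation="or", the relation the fragments use.
    """
    buckets = OrderedDict()  # (event_type, onmatch) -> list of rule elements
    for text in fragments:
        root = ET.fromstring(text)
        if root.tag != "Sysmon":
            raise ValueError("fragment root must be <Sysmon>")
        for rule_group in root.iter("RuleGroup"):
            for filt in rule_group:
                onmatch = filt.get("onmatch")
                if onmatch not in ("include", "exclude"):
                    raise ValueError(f"{filt.tag}: onmatch must be include or exclude")
                buckets.setdefault((filt.tag, onmatch), []).extend(list(filt))

    out = ET.Element("Sysmon", schemaversion=schemaversion)
    filtering = ET.SubElement(out, "EventFiltering")
    for (event_type, onmatch), rules in buckets.items():
        group = ET.SubElement(filtering, "RuleGroup", name="", groupRelation="or")
        filt = ET.SubElement(group, event_type, onmatch=onmatch)
        for rule in rules:
            filt.append(rule)
    if hasattr(ET, "indent"):  # pretty-printing is available from Python 3.9
        ET.indent(out)
    return ET.tostring(out, encoding="unicode")


def filter_summary(config_xml):
    """Map (event type, onmatch) -> rule count for a Sysmon config.

    Raises ValueError if a (type, onmatch) pair occurs twice, which is the
    condition Sysmon rejects and the reason naive concatenation fails.
    """
    root = ET.fromstring(config_xml)
    summary = {}
    for elem in root.iter():
        onmatch = elem.get("onmatch")
        if onmatch:
            key = (elem.tag, onmatch)
            if key in summary:
                raise ValueError(f"duplicate filter {key}; Sysmon would reject this")
            summary[key] = len(list(elem))
    return summary


if __name__ == "__main__":
    merged = merge_sysmon_fragments(FRAGMENTS)
    print(merged)
    print(filter_summary(merged))
```

Run it and the two ProcessCreate include rules from separate fragments land in one filter, while the exclude stays separate; feeding the raw concatenation of the fragments to `filter_summary` instead raises on the duplicate ProcessCreate include, which is the error a single-file author avoids by hand and the modular workflow avoids by compiling.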
Utilities for Sysmon
windows
monitoring
logging
sysmon
threat-hunting
threatintel
netsec
sysinternals
threat-intelligence
Updated Aug 11, 2021
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure
detection
logging
cybersecurity
sysmon
threat-hunting
siem
security-tools
blue-team
mitre-attack
workbooks
sysmon-config
terraform-azure
kql
azure-sentinel
Updated Apr 27, 2021 - HCL
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Updated Feb 7, 2020
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
graylog
logging
dfir
sysmon
threat-hunting
threat-sharing
threatintel
netsec
sysinternals
graylog-plugin
threat-analysis
threat-intelligence
mitre-attack
Updated Feb 20, 2019 - Batchfile
Test Blue Team detections without running any attack.
Updated Oct 11, 2021 - C#
Endpoint detection & Malware analysis software
Updated Dec 20, 2019 - Python
Signature Engine for Windows Event Logs
Updated Sep 26, 2021 - Go
System monitoring development kit (sysmon, promon, edr, endpoint security, host security, zero trust, internet access behavior management)
security
kernel
etw
defender
sysmon
access-control
procmon
monitoring-tool
zero-trust
edr
endpoint-security
Updated Oct 23, 2021 - C++
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Updated Sep 20, 2021 - Python
Deploy and maintain Sysmon through the Splunk Deployment Server
Updated Jul 30, 2020 - Batchfile
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
Updated Jul 21, 2021
Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser that simply works. Nearly full release available at https://github.com/ceramicskate0/SWELF/releases/latest.
windows
analytics
analysis
dotnet
powershell
detection
logging
logs
cybersecurity
sysmon
siem
hunting
forwarder
defense
eventlog
log-forwarder
evtx
logging-framework
logging-agent
windowsevents
Updated Jul 21, 2021 - C#
Incident response scripts
Updated Mar 4, 2019 - PowerShell
A PowerShell script to prevent Sysmon from writing its events
Updated Apr 23, 2020 - PowerShell
System Processes Correlation Engine
Updated Feb 23, 2021 - Python
The generic Windows audit log config lacks many event ids, e.g.