Found 2,775 repositories (showing 30)
SigmaHQ
Main Sigma Rule Repository
SwiftOnSecurity
Sysmon configuration file template with default high-quality event tracing
crazy-max
Block spying and tracking on Windows
clong
Automate the creation of a lab environment complete with security tooling and logging best practices
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
olafhartong
A repository of Sysmon configuration modules
microsoft
Sysmon for Linux
nshalabi
Utilities for Sysmon
trustedsec
TrustedSec Sysinternals Sysmon Community Guide
0xrawsec
Open Source EDR for Windows
edoardogerosa
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
MHaggis
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
ScarredMonk
Sysmon event simulation utility that simulates attacks to generate Sysmon event logs, so blue teams can test EDR detections and correlation rules.
wagga40
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
fossfreedom
Ayatana application indicator to show various system parameters - Debian and Ubuntu
KrispyCamel4u
Linux system monitor with the compactness and usefulness of Windows Task Manager, allowing finer control and monitoring.
Yamato-Security
Documentation and scripts to properly enable Windows event logs.
0x783kb
Detection signatures and methods for common attack behaviors, covering both endpoint and network traffic; PowerShell and Sysmon are not included. Wishing you a pleasant life in security operations!
bats3c
Evade Sysmon and Windows event logging
olafhartong
All Sysmon event types and their fields explained
RoomaSec
戎码之眼 is a threat-monitoring tool for Windows based on the ATT&CK model. It effectively detects common known and unknown threats. A sharp sword for defenders.
blackhillsinfosec
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
JPCERTCC
Investigate suspicious activity by visualizing Sysmon's event log
pathtofile
Sysmon-Like research tool for ETW
wecooperate
The world's most powerful System Activity Monitor Engine · A powerful endpoint behavior collection and defense development kit, intended to let endpoint security software (EDR, zero trust, data security, audit and control) implement product features quickly without having to deal with low-level driver development, maintenance and compatibility issues, so developers can focus on business logic.
lucky-luk3
Threat hunting tool based on Sysmon and graphs
activecm
Beacon Kibana Executable Report: aggregates Sysmon network events with Elasticsearch and Kibana
MatthiasSchinzel
Graphical system monitor for Linux, including information about CPU, GPU, memory, HDD/SSD and your network connections. Similar to Windows Task Manager.
microsoft
The Linux port of the Sysinternals Sysmon tool.
n0dec
Test Blue Team detections without running any attack.