MHaggis
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Warmiceberg
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
0x0allenace
A practical guide for installing and configuring Sysmon to enhance Windows system visibility, event logging, and detection capabilities for DFIR and threat monitoring.
MdTauheedAlam
No description available
LohithG2503
An AI-driven DFIR reasoning engine that correlates real-time Sysmon events and uses LLMs to generate high-fidelity threat intelligence reports.
x0c0x
No description available
orgTestCodacy11KRepos110MB
No description available
farukhdurrani555-dot
Hands-on SOC analyst portfolio: KQL, Sentinel, Sysmon, Wazuh, Sigma, case reports, threat hunting, and DFIR basics.
LohithG2503
A fully isolated, virtualized DFIR laboratory featuring centralized logging (Sysmon/NXLog/Syslog-ng), network segmentation, and a SIFT forensic workstation for threat analysis.
DKprojektai
Open-source SOC platform — Wazuh SIEM + Velociraptor DFIR + AI alert triage. One-command setup for any security teams. Includes Sysmon config, Telegram alerts, client portal and automated threat correlation.
I created this repository. It provides a guide and resources for installing and configuring Sysmon (System Monitor) on Windows systems. Sysmon, part of Microsoft's Sysinternals suite, enhances system monitoring capabilities by logging detailed information about process creations, network connections, and more, aiding in ID and DFIR.
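The descriptions above all come down to the same procedure: install Sysmon with a configuration, then read the process-creation (Event ID 1) and network-connection (Event ID 3) records it writes. The following is an added example and not code from any of the repositories listed here. It assumes Sysmon64.exe has already been downloaded into C:\Tools\Sysmon (the path is an assumption), that it runs in an elevated PowerShell, and it uses a deliberately minimal constructed configuration that logs everything for those two event types; a production deployment would start from a tuned baseline such as the ones these repositories publish.

```powershell
# Added example, not from any repository on this page. Assumes an elevated
# PowerShell session and that Sysmon64.exe was extracted into $SysmonDir.
$SysmonDir  = 'C:\Tools\Sysmon'                     # assumption: install location
$SysmonExe  = Join-Path $SysmonDir 'Sysmon64.exe'
$ConfigPath = Join-Path $SysmonDir 'sysmonconfig.xml'

# Constructed minimal configuration. An empty onmatch="exclude" rule means
# "log every event of this type", so this is noisy by design and only meant
# to prove that Event ID 1 (ProcessCreate) and 3 (NetworkConnect) arrive.
# schemaversion is an assumption; match it to the Sysmon build you deploy.
$SysmonConfig = @'
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <ProcessCreate onmatch="exclude" />
    </RuleGroup>
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <NetworkConnect onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $ConfigPath -Value $SysmonConfig -Encoding UTF8

# Install the driver and service, accept the EULA, and load the config.
& $SysmonExe -accepteula -i $ConfigPath

# After editing the config, reload it without reinstalling:
#   & $SysmonExe -c $ConfigPath

# Check the service is up before trusting the log.
Get-Service -Name Sysmon64 | Select-Object Name, Status

# Pull the most recent process creations and network connections. Sysmon
# stores its fields in EventData, so parse the event XML into a hashtable.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 1, 3
} -MaxEvents 20 |
    ForEach-Object {
        $xml    = [xml]$_.ToXml()
        $fields = @{}
        foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Id     = $_.Id
            Image  = $fields['Image']
            Detail = if ($_.Id -eq 1) {
                         $fields['CommandLine']
                     } else {
                         "$($fields['DestinationIp']):$($fields['DestinationPort'])"
                     }
        }
    } | Format-Table -AutoSize
```

Running this on a workstation and then opening a browser should show an Event ID 1 for the browser process followed by Event ID 3 records for its outbound connections; if the Get-WinEvent call returns nothing, check that the service is running and that the configuration was accepted (Sysmon prints schema errors to the console during -i or -c).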