29 results found Sort:

SigmaHQ
sigma SigmaHQ
2.3k
9.1k
other
352
Main Sigma Rule Repository
ids siem splunk sysmon logging security monitoring signatures elasticsearch
Created 2016-12-24
16,407 commits to master branch, last one 7 days ago
SwiftOnSecurity
sysmon-config SwiftOnSecurity
1.7k
5.0k
unknown
359
Sysmon configuration file template with default high-quality event tracing
netsec sysmon logging windows monitoring threatintel sysinternals threat-hunting
Created 2017-02-01
173 commits to master branch, last one 3 years ago
crazy-max
WindowsSpyBlocker crazy-max
368
4.8k
mit
145
Block spying and tracking on Windows
spy ncsi qemu sysmon blocker openwrt windows dnscrypt firewall hostsfile proxifier telemetry wireshark
Created 2016-03-04
815 commits to master branch, last one 2 months ago
clong
DetectionLab clong
992
4.7k
mit
155
Automate the creation of a lab environment complete with security tooling and logging best practices
dfir packer sysmon ansible osquery vagrant detection terraform powershell vagrantfile detectionlab dfir-automation lab-environment information-security
Created 2017-03-25
1,222 commits to master branch, last one 2 years ago
OTRF
ThreatHunter-Playbook OTRF
825
4.2k
mit
373
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
dfir mitre hunter sysmon hunting hypothesis threat-hunting mitre-attack-db hunting-campaigns
Created 2017-03-28
466 commits to master branch, last one 2 years ago
olafhartong
sysmon-modular olafhartong
617
2.8k
mit
164
A repository of sysmon configuration modules
dfir sysmon modular mitre-attack security-tools threat-hunting
Created 2018-01-13
891 commits to master branch, last one about a year ago
nshalabi
SysmonTools nshalabi
205
1.5k
unknown
93
Utilities for Sysmon
netsec sysmon logging windows monitoring threatintel sysinternals threat-hunting threat-intelligence
Created 2017-06-10
85 commits to master branch, last one about a month ago
0xrawsec
whids 0xrawsec
145
1.2k
agpl-3.0
44
Open Source EDR for Windows
edr ids dfir sysmon windows threat-hunting
Created 2018-01-23
204 commits to master branch, last one 2 years ago
netevert
sentinel-attack netevert
207
1.1k
mit
70
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
kql siem azure sysmon logging blue-team detection workbooks mitre-attack cybersecurity sysmon-config azure-sentinel security-tools threat-hunting terraform-azure
Created 2019-05-30
321 commits to master branch, last one 4 months ago
MHaggis
sysmon-dfir MHaggis
183
917
gpl-3.0
113
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
sysmon
Created 2017-01-11
72 commits to master branch, last one about a year ago
wagga40
Zircolite wagga40
96
710
unknown
25
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
evtx sigma auditd sysmon pysigma python3 detection evtxtract forensics sigma-rules forensics-tools
Created 2021-03-02
243 commits to master branch, last one 19 days ago
Yamato-Security
EnableWindowsLogSettings Yamato-Security
53
604
gpl-3.0
14
Documentation and scripts to properly enable Windows event logs.
dfir logs event sigma sysmon windows auditing hayabusa security forensics monitoring
Created 2022-09-22
49 commits to main branch, last one about a year ago
RoomaSec
RmEye RoomaSec
80
507
apache-2.0
14
戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
edr sysmon threat-hunting
Created 2022-08-22
66 commits to main branch, last one about a year ago
JPCERTCC
SysmonSearch JPCERTCC
57
421
other
41
Investigate suspicious activity by visualizing Sysmon's event log
stix stix2 kibana sysmon security elasticsearch
Created 2018-07-31
7 commits to master branch, last one about a year ago
wecooperate
iMonitorSDK wecooperate
83
352
unknown
11
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
edr etw kernel sysmon procmon defender security zero-trust access-control monitoring-tool endpoint-security
Created 2021-09-25
3 commits to master branch, last one 2 months ago
n0dec
MalwLess n0dec
58
272
gpl-3.0
29
Test Blue Team detections without running any attack.
dfir siem sysmon redteam blueteam powershell mitre-attack hacktoberfest
Created 2018-04-29
131 commits to master branch, last one 3 years ago
matterpreter
Shhmon matterpreter
37
228
bsd-3-clause
9
Neutering Sysmon via driver unload
csharp sysmon evasion
Created 2019-09-12
27 commits to master branch, last one 2 years ago
ion-storm
sysmon-edr ion-storm
27
224
unknown
10
Sysmon EDR POC Build within Powershell to prove ability.
edr sysmon sysmon-edr
Created 2021-03-06
21 commits to main branch, last one 3 years ago
AustralianCyberSecurityCentre
windows_event_logging AustralianCyberSecurityCentre
52
217
bsd-3-clause
25
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
wmi sysmon logging windows event-log
Created 2017-07-17
10 commits to master branch, last one 2 months ago
ine-labs
ThreatSeeker ine-labs
13
120
mit
5
ThreatSeeker: Threat Hunting via Windows Event Logs
evtx sysmon threat windows log-analysis threat-detection threat-intelligence
Created 2023-04-11
4 commits to master branch, last one about a year ago
jymcheong
SysmonResources jymcheong
23
110
unknown
2
Consolidation of various resources related to Microsoft Sysmon & sample data/log
sysmon threat threat-hunting
Created 2018-01-24
650 commits to master branch, last one 3 years ago
Hestat
ossec-sysmon Hestat
22
92
unknown
14
A Ruleset to enhance detection capabilities of Ossec using Sysmon
dfir ossec wazuh sysmon
This repository has been archived (exclude archived)
Created 2018-11-27
155 commits to master branch, last one 3 years ago
ScriptIdiot
SysmonQuiet ScriptIdiot
16
88
apache-2.0
2
RDLL for Cobalt Strike beacon to silence sysmon process
rdll sysmon redteam cobaltstrike
Created 2022-07-11
13 commits to main branch, last one 2 years ago
LaresLLC
SysmonConfigPusher LaresLLC
6
88
mit
8
Pushes Sysmon Configs
siem sysmon windows threat-hunting
Created 2021-04-19
40 commits to main branch, last one 3 years ago
sametsazak
sysmon sametsazak
15
65
gpl-3.0
3
Sysmon and wazuh integration with Sigma sysmon rules [updated]
ossec sigma wazuh sysmon security sysmon-config wazuh-manager security-tools
Created 2018-09-14
13 commits to master branch, last one 3 years ago
huoji120
DuckSysEye huoji120
10
64
apache-2.0
4
SysEye是一个window上的基于att&ck现代EDR设计思想的威胁响应工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
edr sysmon osquery threat-hunting threat-modeling
Created 2022-08-04
36 commits to main branch, last one 2 years ago
signorrayan
SplunkThreatHunting signorrayan
7
41
unknown
1
This repository contains Splunk queries to hunt some anomalies
zeek splunk sysmon suricata dashboard fortigate threat-hunting anomaly-detection
Created 2022-04-08
65 commits to main branch, last one 2 years ago
bobby-tablez
Enable-All-The-Logs bobby-tablez
6
29
mit
1
This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malware analysis. This can be used in production, however you might w...
gpo lab sysmon logging windows sysmon-logs log-analysis sysmon-config malware-analysis
Created 2023-05-17
61 commits to main branch, last one 17 days ago
0xrajneesh
Log-Analysis-Projects-for-Beginners 0xrajneesh
7
25
unknown
3
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
sysmon log-analysis elasticsearch
Created 2024-06-13
11 commits to main branch, last one 10 months ago