Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Latest commit 993dfd4 Mar 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Update README.md Mar 11, 2019
startupscript.bat
sysmonconfig.xml Create sysmonconfig.xml Nov 6, 2017
sysmonv9.xml Update sysmonv9.xml Mar 11, 2019

README.md

Sysmon configuration and scripts

Create a GPO startup script and execute the batch file from it. The script terminates if it finds sysmonconfig.xml in C:\Windows modify it with the new config name.

Sysmon V9.0

In sysmon v9.0 config file we added some of the detections from JPCERT https://jpcertcc.github.io/ToolAnalysisResultSheet/. We also included most of https://github.com/olafhartong/sysmon-modular and also some of https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon. We will push it to more than 4k Endpoints and a month later would update it/remove noisy stuff. Our target is to map most of the MITRE Att@ck/JPCERT in this sysmon config. You might need to add exclusion for some of the software your enivroment including Antivirus/EDR/Whitelisting...etc. Also some of the events are noisy like pipe related events.

You can’t perform that action at this time.