sysmon

Main Rule Repository

Automate the creation of a lab environment complete with security tooling and logging best practices

Sysmon configuration file template with default high-quality event tracing

Block spying and tracking on Windows

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

A repository of sysmon configuration modules

Utilities for Sysmon

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Open Source EDR for Windows

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Investigate suspicious activity by visualizing Sysmon's event log

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

Documentation and scripts to properly enable Windows event logs.

Test Blue Team detections without running any attack.

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

Endpoint detection & Malware analysis software

Neutering Sysmon via driver unload

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.