Utilities for working with and testing Sysmon configs against Windows Event Logs
Updated Jul 21, 2023 - Python
Splunk scripted input to push and install Sysmon, using the Sysmon config forked by securiyshrimp from Taylor Swift's config and modified to ignore Splunk executables.
Monitors system statistics and saves them in CSV format.
Utility to convert SysInternals' Sysmon binary configuration to XML
Extracts logs based on Sysmon events. Available as a package, a CLI and a UI.
A follow-up to "Mapping-Sysmonlogs-to-ATTACK": after you obtain "syslog.csv" with the program in that repository, this program converts the log into a graph structure with relations between the events.
A log-based Threat Hunting tool
System Processes Correlation Engine
ThreatSeeker: Threat Hunting via Windows Event Logs
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Endpoint detection & Malware analysis software
戎码之眼 (Rongma Eye) is a Windows threat-monitoring tool based on the ATT&CK model. It detects common unknown and known threats effectively; a sharp sword for defenders.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Main Sigma Rule Repository
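Two of the projects above describe the same core step: turning a CSV export of Sysmon events into a graph of related processes and then correlating over it. The example below is added here to show what that looks like; it is not code from any of the listed repositories. It assumes a CSV whose columns carry the real Sysmon Event ID 1 (process creation) field names, but the rows, GUIDs (P0 to P5), PIDs and paths are constructed for the example. It builds parent/child edges on ProcessGuid rather than PID (PIDs are reused; Sysmon GUIDs are not), reconstructs a process ancestry chain, and runs one illustrative correlation rule (an Office application with a shell or script host anywhere beneath it in the tree).

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample of Sysmon Event ID 1 (process creation) records exported as CSV.
# Column names are the real Sysmon field names; the GUIDs (P0..P5), PIDs, paths and
# timestamps are made up for this example.
SAMPLE_CSV = r"""UtcTime,ProcessGuid,ProcessId,Image,CommandLine,ParentProcessGuid,ParentImage
2023-07-21 10:00:01.000,P1,1200,C:\Windows\explorer.exe,C:\Windows\explorer.exe,P0,C:\Windows\System32\userinit.exe
2023-07-21 10:01:15.000,P2,3344,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,WINWORD.EXE /n invoice.docm,P1,C:\Windows\explorer.exe
2023-07-21 10:01:42.000,P3,3810,C:\Windows\System32\cmd.exe,cmd.exe /c powershell -w hidden -enc SQBFAFgA,P2,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
2023-07-21 10:01:43.000,P4,3822,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,powershell -w hidden -enc SQBFAFgA,P3,C:\Windows\System32\cmd.exe
2023-07-21 10:05:00.000,P5,4100,C:\Program Files\Google\Chrome\Application\chrome.exe,chrome.exe,P1,C:\Windows\explorer.exe
"""

# Illustrative image-name sets for the correlation rule; extend as needed.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path; ntpath splits on backslashes on any host."""
    return ntpath.basename(path).lower()


def parse_sysmon_csv(text):
    """Parse CSV-exported Sysmon Event ID 1 rows into dicts keyed by Sysmon field name."""
    return list(csv.DictReader(io.StringIO(text)))


def build_process_graph(events):
    """Return (nodes, children): nodes maps ProcessGuid -> event, children maps
    ParentProcessGuid -> [ProcessGuid, ...] in log order."""
    nodes = {}
    children = defaultdict(list)
    for ev in events:
        nodes[ev["ProcessGuid"]] = ev
        children[ev["ParentProcessGuid"]].append(ev["ProcessGuid"])
    return nodes, children


def ancestry(nodes, guid):
    """Image names from the oldest logged ancestor down to `guid`. Stops when the parent
    was not captured (for example, it started before Sysmon did)."""
    chain = []
    seen = set()  # guards against a malformed log that forms a cycle
    while guid in nodes and guid not in seen:
        seen.add(guid)
        chain.append(image_name(nodes[guid]["Image"]))
        guid = nodes[guid]["ParentProcessGuid"]
    chain.reverse()
    return chain


def descendants(children, guid):
    """All GUIDs in the subtree under `guid`, depth-first, siblings in log order."""
    out = []
    stack = list(reversed(children.get(guid, [])))
    while stack:
        g = stack.pop()
        out.append(g)
        stack.extend(reversed(children.get(g, [])))
    return out


def office_spawned_shells(nodes, children):
    """Illustrative correlation rule: an Office process with a shell or script host
    anywhere in its descendant tree. Returns (office_guid, shell_guid) pairs."""
    hits = []
    for guid, ev in nodes.items():
        if image_name(ev["Image"]) in OFFICE_APPS:
            for d in descendants(children, guid):
                if image_name(nodes[d]["Image"]) in SHELLS:
                    hits.append((guid, d))
    return hits


if __name__ == "__main__":
    events = parse_sysmon_csv(SAMPLE_CSV)
    nodes, children = build_process_graph(events)
    for office, shell in office_spawned_shells(nodes, children):
        print(" -> ".join(ancestry(nodes, shell)), "|", nodes[shell]["CommandLine"])
```

On the sample data the rule flags both cmd.exe and powershell.exe under WINWORD.EXE, printed with their full chain from explorer.exe; the chain stops at explorer.exe because its parent (P0) never appears in the log, which is the normal case for processes that started before Sysmon was loaded.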