Main Sigma Rule Repository
Updated Jun 4, 2024 - Python
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
戎码之眼 is a Windows threat-monitoring tool built on the ATT&CK model. It detects common known and unknown threats: a sharp sword for the defender.
Endpoint detection & malware analysis software
Consolidation of various resources related to Microsoft Sysmon, with sample data and logs
ThreatSeeker: Threat Hunting via Windows Event Logs
System Processes Correlation Engine
A log-based Threat Hunting tool
Extract logs based on Sysmon events. Comes as a package, a CLI and a UI.
This is a follow-up to "Mapping-Sysmonlogs-to-ATTACK". After you obtain "syslog.csv" through the program in that repository, this program converts the log into a graph structure with relations.
Utility to convert Sysinternals' Sysmon binary configuration to XML
Utilities for working with and testing Sysmon configs against Windows Event Logs
Splunk scripted input to push and install Sysmon, using the Sysmon config forked by securiyshrimp from Taylor Swift and modified to ignore Splunk executables.
Monitors system statistics and saves them in CSV format.
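Several of the repositories above (the Sigma rule repository, and the tools that hunt in or test configurations against Windows Event Logs) share one building block: flatten a Sysmon event into its named fields and evaluate Sigma-style selections against it. The following is an added example, not code from Sigma or from any repository listed on this page. The rule (`ENCODED_POWERSHELL_RULE`), the benign-parent filter path `deploy_agent_example.exe`, and the three events in `SAMPLE_EVENTS` are constructed for illustration; the XML shape is what `Get-WinEvent ... | ForEach-Object { $_.ToXml() }` emits for the `Microsoft-Windows-Sysmon/Operational` channel.

```python
"""Sigma-style selection matching over Sysmon process-creation events.

Added example: not code from Sigma or any repository on this page. The rule
and the events in SAMPLE_EVENTS are constructed, not captured from a host.
"""
import xml.etree.ElementTree as ET

# Namespace of Windows event XML (what Get-WinEvent's ToXml() emits).
EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sigma logsource categories mapped to Sysmon event IDs in this example
# (process_creation is Sysmon Event ID 1, Process Create).
LOGSOURCE_EVENT_IDS = {"process_creation": {1}}


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten one event: System header fields plus every EventData/Data
    element keyed by its Name attribute (Image, CommandLine, ParentImage...),
    which are the field names Sigma rules reference."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVT_NS)
    event = {
        "EventID": int(system.findtext("e:EventID", namespaces=EVT_NS)),
        "Channel": system.findtext("e:Channel", namespaces=EVT_NS),
        "Computer": system.findtext("e:Computer", namespaces=EVT_NS),
    }
    for data in root.iterfind("e:EventData/e:Data", EVT_NS):
        event[data.get("Name")] = data.text or ""
    return event


def _value_matches(value: str, modifier: str, pattern: str) -> bool:
    """One Sigma field test. Sigma string matching is case-insensitive."""
    v, p = value.lower(), pattern.lower()
    if modifier == "":
        return v == p
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def match_selection(event: dict, selection: dict) -> bool:
    """Selection = {'Field|modifier': pattern or [patterns]}.
    Fields are ANDed; a list of patterns is ORed; a missing field never matches."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(_value_matches(str(event[field]), modifier, str(p)) for p in patterns):
            return False
    return True


def evaluate_rule(event: dict, rule: dict) -> bool:
    """Gate on logsource (event ID), then apply the two most common conditions."""
    if event["EventID"] not in LOGSOURCE_EVENT_IDS[rule["logsource"]["category"]]:
        return False
    det = rule["detection"]
    if det["condition"] == "selection":
        return match_selection(event, det["selection"])
    if det["condition"] == "selection and not filter":
        return match_selection(event, det["selection"]) and not match_selection(event, det["filter"])
    raise ValueError(f"unsupported condition: {det['condition']}")


def hunt(xml_events, rule) -> list:
    """Return the parsed events that trigger the rule."""
    return [e for e in map(parse_sysmon_event, xml_events) if evaluate_rule(e, rule)]


# Illustrative rule in Sigma's structure (not taken from the Sigma repository):
# encoded PowerShell, with a hypothetical deployment agent's launches filtered out.
ENCODED_POWERSHELL_RULE = {
    "title": "Encoded PowerShell command line (illustrative)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": " -enc",
        },
        "filter": {"ParentImage|endswith": "\\deploy_agent_example.exe"},  # hypothetical
        "condition": "selection and not filter",
    },
}


def _event_xml(event_id, computer, image, cmdline, parent):
    """Build a constructed Sysmon event in Windows event XML shape."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>{computer}</Computer></System>
  <EventData><Data Name="Image">{image}</Data><Data Name="CommandLine">{cmdline}</Data>
  <Data Name="ParentImage">{parent}</Data></EventData></Event>"""


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample events
    _event_xml(1, "WS01", PS, f'"{PS}" -nop -w hidden -enc SQBFAFgA', r"C:\Windows\System32\cmd.exe"),
    _event_xml(1, "WS02", PS, f'"{PS}" -enc SQBFAFgA', r"C:\Program Files\Deploy\deploy_agent_example.exe"),
    _event_xml(1, "WS03", r"C:\Windows\System32\notepad.exe", "notepad.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, ENCODED_POWERSHELL_RULE):
        print(hit["Computer"], hit["ParentImage"], "->", hit["CommandLine"])
```

Only the WS01 event fires: WS02 matches the selection but is suppressed by the parent filter, and WS03 never reaches the selection. Two points carry over to real tooling: the Sigma `logsource` category has to be mapped onto Sysmon event IDs before field matching (otherwise an `Image` field from an Event ID 7 image-load record would match a process-creation rule), and matching is case-insensitive, so a rule's `\powershell.exe` still matches `\PowerShell.EXE` in the log.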