Utilities for working with and testing Sysmon configs against Windows Event Logs (Python, updated Jul 21, 2023)
Analyzing PowerShell execution on Windows systems.
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Atlas ITSI Content Pack for Linux Sysmon
PoC for http://www.hexacorn.com/blog/2020/03/29/hiding-process-creation-and-cmd-line-with-a-long-com/
A log-based Threat Hunting tool
Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming
sc-pseudo.exe is a recreation of the Windows Service Control Manager command-line utility. This code was built for a 64-bit architecture. This script generates a system process that allows Windows to start, stop and interact with other processes.
Detection Logics for Threat Hunting
A Sysmon Install script using the Powershell Application Deployment Toolkit
Simple system monitoring over MQTT
Integrated Windows endpoint log management (Docker + ELK (Elasticsearch, Logstash, Kibana) + Winlogbeat based)
Utility to convert SysInternals' Sysmon binary configuration to XML
PowerShell module for creating and managing Sysinternals Sysmon config files.