Main Sigma Rule Repository
-
Updated
Sep 22, 2024 - Python
#
sysmon
Here are 115 public repositories matching this topic...
This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malware analysis. This can be used in production, however you might want to tune the GPO edits as needed.
-
Updated
Sep 10, 2024 - PowerShell
A commandline simulator for System Monitor(Sysmon) testing, rewritten in Golang
-
Updated
Sep 5, 2024 - Go
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
security
kernel
etw
defender
sysmon
access-control
procmon
monitoring-tool
zero-trust
edr
endpoint-security
-
Updated
Aug 21, 2024 - Batchfile
A repository of sysmon configuration modules
-
Updated
Aug 21, 2024 - PowerShell
Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming
python
deep-learning
powershell
jupyter-notebook
genetic-programming
sysmon
supervised-machine-learning
unsupervised-machine-learning
edr
adversary-emulation
thesis-project
encoder-model
embedding-vectors
detection-engineering
windows-malware-analysis
information-security-technical
tpot-automl
large-language-models
agentic-ai
-
Updated
Aug 11, 2024 - Jupyter Notebook
Automate the creation of a lab environment complete with security tooling and logging best practices
ansible
vagrant
packer
powershell
terraform
detection
dfir
vagrantfile
sysmon
osquery
information-security
lab-environment
detectionlab
dfir-automation
-
Updated
Jul 6, 2024 - HTML
Sysmon configuration file template with default high-quality event tracing
-
Updated
Jul 3, 2024
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
-
Updated
Jun 27, 2024
This project sets up an Active Directory environment and configures Splunk to ingest events from a Windows Server and a target machine. We perform a brute force attack using Kali Linux to observe telemetry and use Atomic Red Team for additional testing. Goals: enhance IT administration skills, event monitoring, and threat detection.
-
Updated
Jun 15, 2024
A simple System monitor(Sysmon) EVTX inspector; search, visualize, and track Sysmon events
-
Updated
Jun 11, 2024 - Go
Design and implementing a Home Lab consisting of 4 different virtual machines in a virtual network, for use in professional IT portfolio projects.
vm
virtualbox
splunk
virtual-machine
nat
active-directory
configuration
windows-10
configuration-management
cybersecurity
sysmon
siem
ubuntu-server
kali-linux
active-directory-domain-services
virtulization
windows-server-2022
cybersecurity-tools
active-directory-domain-controller
-
Updated
Jun 1, 2024
Atlas ITSI Content Pack for Linux Sysmon
-
Updated
May 29, 2024
Utilities for Sysmon
windows
monitoring
logging
sysmon
threat-hunting
threatintel
netsec
sysinternals
threat-intelligence
-
Updated
May 23, 2024
Test Blue Team detections without running any attack.
-
Updated
May 2, 2024 - C#
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.
testing
windows
linux
security
networking
splunk
powershell
virtualization
active-directory
lab
project
target
cybersecurity
attacker
sysmon
ubuntu-server
kali-linux
command-prompt
mitre-attack
atomic-red-team
-
Updated
Apr 4, 2024
Improve this page
Add a description, image, and links to the sysmon topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sysmon topic, visit your repo's landing page and select "manage topics."