Main Sigma Rule Repository (Python; updated Sep 22, 2024)
This script enhances endpoint logging telemetry for advanced malware threat detection, for building detections, or for malware analysis. It can be used in production, but you may want to tune the GPO edits as needed.
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Golang
The world's most powerful System Activity Monitor Engine · A powerful endpoint behaviour collection and defence development kit, intended to help EDR, zero-trust, data security, audit and control, and other endpoint security products implement their features quickly without having to worry about developing, maintaining, or ensuring compatibility of the underlying driver, so they can focus on business development
A repository of sysmon configuration modules
Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming
Automate the creation of a lab environment complete with security tooling and logging best practices
Sysmon configuration file template with default high-quality event tracing
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
This project sets up an Active Directory environment and configures Splunk to ingest events from a Windows Server and a target machine. We perform a brute-force attack using Kali Linux to observe telemetry and use Atomic Red Team for additional testing. Goals: enhance IT administration skills, event monitoring, and threat detection.
A simple System Monitor (Sysmon) EVTX inspector; search, visualize, and track Sysmon events
Designing and implementing a home lab consisting of four different virtual machines in a virtual network, for use in professional IT portfolio projects.
Atlas ITSI Content Pack for Linux Sysmon
Utilities for Sysmon
Test Blue Team detections without running any attack.
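Several entries above share one workflow: Sysmon events are collected (the EVTX inspector), matched against Sigma rules (the main rule repository), and detections are tested without running a real attack. The following is an added example, written for this page and not taken from any of the listed repositories, showing that workflow end to end. It parses records constructed in the XML shape Sysmon writes to the Microsoft-Windows-Sysmon/Operational channel (Event ID 1, ProcessCreate) and evaluates a reduced Sigma-style selection over them. The rule, the sample records, and the cut-down matcher (only the `endswith` and `contains` modifiers, implicit AND inside a selection) are this example's own assumptions, not Sigma's full semantics or any tool's API.

```python
"""Evaluate a minimal Sigma-style selection against Sysmon ProcessCreate events.

Added example for illustration; not code from any repository listed on this
page. The event records are constructed in the XML shape of Sysmon Event ID 1
as written to Microsoft-Windows-Sysmon/Operational; the matcher implements only
a small subset of Sigma (endswith/contains modifiers, AND within a selection).
"""
import xml.etree.ElementTree as ET

# Default namespace used by Windows event XML.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (not real telemetry). Event ID 1 = ProcessCreate.
SAMPLE_EVENTS = [
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgA</Data>
    <Data Name="ParentImage">C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE</Data>
  </EventData>
</Event>""",
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe C:\\Users\\alice\\notes.txt</Data>
    <Data Name="ParentImage">C:\\Windows\\explorer.exe</Data>
  </EventData>
</Event>""",
]


def parse_sysmon_event(xml_text):
    """Flatten one Sysmon event into {'EventID': int, <Data Name>: value, ...}."""
    root = ET.fromstring(xml_text)
    event = {"EventID": int(root.find("e:System/e:EventID", NS).text)}
    for data in root.findall("e:EventData/e:Data", NS):
        event[data.get("Name")] = data.text or ""
    return event


# Reduced Sigma-style rule (hypothetical, written for this example):
# an Office application spawning PowerShell. Field names are Sysmon's.
RULE = {
    "title": "Office application spawning PowerShell",
    "selection": {
        "EventID": 1,
        "ParentImage|endswith": ["\\WINWORD.EXE", "\\EXCEL.EXE", "\\POWERPNT.EXE"],
        "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
    },
}


def _field_matches(event, key, expected):
    """Match one 'Field|modifier' entry; comparisons are case-insensitive."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    candidates = expected if isinstance(expected, list) else [expected]
    text = str(value).lower()
    if modifier == "":
        return any(text == str(c).lower() for c in candidates)
    if modifier == "endswith":
        return any(text.endswith(str(c).lower()) for c in candidates)
    if modifier == "contains":
        return any(str(c).lower() in text for c in candidates)
    raise ValueError(f"unsupported modifier: {modifier}")


def rule_matches(rule, event):
    """All selection fields must match (Sigma's implicit AND within a selection)."""
    return all(_field_matches(event, k, v) for k, v in rule["selection"].items())


def scan(rule, xml_records):
    """Return the CommandLine of every event the rule fires on."""
    return [ev["CommandLine"] for ev in map(parse_sysmon_event, xml_records)
            if rule_matches(rule, ev)]


if __name__ == "__main__":
    for hit in scan(RULE, SAMPLE_EVENTS):
        print(f"[{RULE['title']}] {hit}")
```

Because the records are constructed rather than produced by an actual attack, this is the same idea as testing a detection without executing anything: feed the logic the event shape Sysmon would emit and confirm it fires on the bad record and stays quiet on the benign one. Real EVTX files need a parser such as python-evtx to get to the XML; the matcher itself is unchanged.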
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.