Ecosyste.ms: Repos
An open API service providing repository metadata for many open source software ecosystems.
GitHub topics: sysmon
SigmaHQ/sigma
Main Sigma Rule Repository
Language: Python - Size: 37.9 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 7,691 - Forks: 2,103
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Language: Python - Size: 32.9 MB - Last synced: about 5 hours ago - Pushed: 3 months ago - Stars: 3,877 - Forks: 797
ion-storm/sysmon-config Fork of SwiftOnSecurity/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
Language: PowerShell - Size: 1.56 MB - Last synced: about 4 hours ago - Pushed: 6 months ago - Stars: 752 - Forks: 141
wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Language: Python - Size: 57.5 MB - Last synced: 7 days ago - Pushed: 7 days ago - Stars: 600 - Forks: 84
wecooperate/iMonitorSDK
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet behaviour management, sandbox)
Language: C++ - Size: 37.2 MB - Last synced: 10 days ago - Pushed: 13 days ago - Stars: 325 - Forks: 79
KnightChaser/SysmonSimulator
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Golang
Language: Go - Size: 3.04 MB - Last synced: 10 days ago - Pushed: 11 days ago - Stars: 0 - Forks: 0
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
Language: HTML - Size: 190 MB - Last synced: 15 days ago - Pushed: about 1 year ago - Stars: 4,508 - Forks: 970
olafhartong/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
Language: Batchfile - Size: 938 KB - Last synced: 16 days ago - Pushed: almost 4 years ago - Stars: 31 - Forks: 13
olafhartong/sysmon-modular
A repository of sysmon configuration modules
Language: PowerShell - Size: 4.68 MB - Last synced: 16 days ago - Pushed: 3 months ago - Stars: 2,493 - Forks: 565
crazy-max/WindowsSpyBlocker
Block spying and tracking on Windows
Language: Go - Size: 36.5 MB - Last synced: 16 days ago - Pushed: about 1 year ago - Stars: 4,458 - Forks: 354
0xrawsec/whids
Open Source EDR for Windows
Language: Go - Size: 10.3 MB - Last synced: 16 days ago - Pushed: about 1 year ago - Stars: 1,053 - Forks: 134
homeinfogmbh/sysmon
Systems monitoring tool
Language: Python - Size: 756 KB - Last synced: 21 days ago - Pushed: 22 days ago - Stars: 0 - Forks: 1
nshalabi/SysmonTools
Utilities for Sysmon
Size: 1.37 GB - Last synced: 27 days ago - Pushed: 8 months ago - Stars: 1,445 - Forks: 205
KnightChaser/WindowsSystemMonitor
Sysmon policies practice as XML
Language: XML - Size: 15.6 KB - Last synced: 29 days ago - Pushed: 5 months ago - Stars: 0 - Forks: 0
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Language: HCL - Size: 43.1 MB - Last synced: about 1 month ago - Pushed: 9 months ago - Stars: 1,037 - Forks: 206
Yamato-Security/EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
Language: Batchfile - Size: 1.14 MB - Last synced: about 1 month ago - Pushed: 8 months ago - Stars: 441 - Forks: 45
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
Size: 464 KB - Last synced: about 1 month ago - Pushed: 4 months ago - Stars: 4,539 - Forks: 1,667
MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Size: 86.5 MB - Last synced: 29 days ago - Pushed: 5 months ago - Stars: 885 - Forks: 185
avulman/active-directory-project
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.
Size: 157 KB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 0 - Forks: 0
ion-storm/sysmon-edr
Sysmon EDR POC built within PowerShell to prove ability.
Language: PowerShell - Size: 2.5 MB - Last synced: about 1 month ago - Pushed: about 3 years ago - Stars: 209 - Forks: 28
KnightChaser/aesir
A simple System Monitor (Sysmon) EVTX inspector; search, visualize, and track Sysmon events
Language: Go - Size: 1.47 MB - Last synced: 29 days ago - Pushed: 3 months ago - Stars: 2 - Forks: 1
hongson11698/EnableLog
Windows Enable Log Scripts
Language: PowerShell - Size: 45.9 KB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 0 - Forks: 0
JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
Language: JavaScript - Size: 6.75 MB - Last synced: about 1 month ago - Pushed: 5 months ago - Stars: 408 - Forks: 59
RoomaSec/RmEye
戎码之眼 (RmEye) is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp blade for the defender.
Language: Python - Size: 8.82 MB - Last synced: 3 months ago - Pushed: 7 months ago - Stars: 375 - Forks: 58
thijsputman/sysmon-mqtt
Simple system monitoring over MQTT
Language: Shell - Size: 159 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 0 - Forks: 0
cridin1/pwsh-execution-analysis
Analyzing PowerShell execution on Windows systems.
Language: PowerShell - Size: 5.56 MB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 1 - Forks: 0
bobby-tablez/Enable-All-The-Logs
This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection, building detections, or malware analysis. This can be used in production; however, you might want to tune the GPO edits as needed.
Language: PowerShell - Size: 543 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 13 - Forks: 0
Kirtar22/Presentations
Presentations
Language: PowerShell - Size: 32.6 MB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 3 - Forks: 3
yarox24/attack_monitor
Endpoint detection & Malware analysis software
Language: Python - Size: 5.79 MB - Last synced: 3 months ago - Pushed: over 4 years ago - Stars: 224 - Forks: 60
KnightChaser/sentinela
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Language: Go - Size: 24.4 KB - Last synced: 29 days ago - Pushed: 3 months ago - Stars: 0 - Forks: 0
sametsazak/sysmon
Sysmon and wazuh integration with Sigma sysmon rules [updated]
Size: 28.3 KB - Last synced: 3 months ago - Pushed: almost 3 years ago - Stars: 55 - Forks: 16
FOGSEC/Posh-Sysmon Fork of R3dFruitRollUp/Posh-Sysmon
PowerShell module for creating and managing Sysinternals Sysmon config files.
Language: PowerShell - Size: 229 KB - Last synced: 4 months ago - Pushed: over 6 years ago - Stars: 0 - Forks: 0
KnightChaser/docker-elk-winlogbeat
Integrated Windows endpoint log management (Docker + ELK (Elasticsearch, Logstash, Kibana) + Winlogbeat based)
Language: Shell - Size: 938 KB - Last synced: 29 days ago - Pushed: 4 months ago - Stars: 0 - Forks: 0
EdwardsCP/HuntExes
Language: PowerShell - Size: 686 KB - Last synced: 4 months ago - Pushed: about 3 years ago - Stars: 4 - Forks: 0
thejanit0r/sysmon-bin2xml
Utility to convert SysInternals' Sysmon binary configuration to XML
Language: Python - Size: 2.21 MB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0
jhochwald/Universal-Winlogbeat-configuration 📦
Universal Winlogbeat configuration
Size: 88.9 KB - Last synced: 2 months ago - Pushed: about 2 years ago - Stars: 27 - Forks: 4
vastlimits/uberAgent-ESA-Sysmon-Converter
Converts Sysmon rules to uberAgent ESA Threat Detection rules
Language: C# - Size: 239 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 3 - Forks: 1
totemtechnologies/Sysmon-Tools
Size: 149 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0
AustralianCyberSecurityCentre/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Language: PowerShell - Size: 68.4 KB - Last synced: 6 months ago - Pushed: about 2 years ago - Stars: 208 - Forks: 52
her3ticAVI/MERlin
Incident Response Script Grabs logs
Language: Go - Size: 57.6 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 2 - Forks: 0
mohamedaymenkarmous/EDR-Process-Explorer
This project shows a graphical view of the process execution relationships in a tree format (HTML version)
Language: HTML - Size: 421 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0
ceramicskate0/SWELF
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Language: C# - Size: 1.95 MB - Last synced: 7 months ago - Pushed: 11 months ago - Stars: 23 - Forks: 7
ajackal/ir_scripts
incident response scripts
Language: PowerShell - Size: 12.7 KB - Last synced: 7 months ago - Pushed: about 5 years ago - Stars: 17 - Forks: 3
matterpreter/Shhmon
Neutering Sysmon via driver unload
Language: C# - Size: 895 KB - Last synced: 7 months ago - Pushed: over 1 year ago - Stars: 212 - Forks: 35
bonifield/splunk_on_security_onion
Splunk configs for Security Onion
Size: 409 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 7 - Forks: 1
ceramicskate0/sysmon-config Fork of SwiftOnSecurity/sysmon-config
CeramicSkate0 Sysmon configuration fork file template with default high-quality event tracing
Size: 625 KB - Last synced: 8 months ago - Pushed: 8 months ago - Stars: 8 - Forks: 0
f8al/TA-Sysmon_install
Splunk scripted input to push and install sysmon, with the sysmon config forked by securiyshrimp, from Taylor Swift, to ignore splunk executables.
Language: Python - Size: 96.7 KB - Last synced: 9 months ago - Pushed: over 5 years ago - Stars: 0 - Forks: 2
crazyeights225/WinEventLogExplorer
Capture all events across all logs produced during the running of a particular exploit/script. Search and filter events.
Language: PowerShell - Size: 1.26 MB - Last synced: 9 months ago - Pushed: over 2 years ago - Stars: 5 - Forks: 0
MHaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
Size: 18.6 KB - Last synced: 9 months ago - Pushed: about 7 years ago - Stars: 37 - Forks: 7
duanshuaimin/SysmonCommunityGuide Fork of trustedsec/SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
Size: 15.4 MB - Last synced: 9 months ago - Pushed: over 4 years ago - Stars: 0 - Forks: 0
stahler/Sysmon_PowerShell
Sysmon demo with PowerShell examples
Language: PowerShell - Size: 2.92 MB - Last synced: 9 months ago - Pushed: about 6 years ago - Stars: 0 - Forks: 1
lab52io/Syspce
System Processes Correlation Engine
Language: Python - Size: 10.4 MB - Last synced: 4 months ago - Pushed: 5 months ago - Stars: 18 - Forks: 5
sduff/sysmon-config Fork of SwiftOnSecurity/sysmon-config
Ransomware focused Sysmon configuration file template with default high-quality event tracing
Size: 365 KB - Last synced: 9 months ago - Pushed: about 3 years ago - Stars: 1 - Forks: 0
sankyhack/ExtractLOLBin
Script written to fetch LOLBin details from Security and Sysmon EVTX files.
Language: PowerShell - Size: 27.3 KB - Last synced: 10 months ago - Pushed: over 2 years ago - Stars: 2 - Forks: 2
MHaggis/sysmon-splunk-app
Sysmon Splunk App
Size: 41 KB - Last synced: 9 months ago - Pushed: over 5 years ago - Stars: 45 - Forks: 15
huoji120/DuckSysEye
SysEye is a threat response tool for Windows based on ATT&CK and modern EDR design principles. It effectively detects common unknown and known threats. A sharp blade for the defender.
Size: 3.23 MB - Last synced: 10 months ago - Pushed: over 1 year ago - Stars: 61 - Forks: 9
homeinfogmbh/typo3-sysmon2
SysMon2 plugin for Typo3
Language: CSS - Size: 2.18 MB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 1 - Forks: 0
mutedmouse/HELK4SO
This repository is for integrating HELK capabilities into Security Onion instances. This will be an evolving extension to both products and as such is not contributed directly to either HELK or Security Onion. Please use at your own risk and enjoy.
Language: Shell - Size: 28.6 MB - Last synced: 24 days ago - Pushed: about 5 years ago - Stars: 8 - Forks: 2
Gerrnperl/ksysguard-colored-text
A ksysguard extension intended to provide a clear visualization of the sensor data.
Language: QML - Size: 52.7 KB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 0 - Forks: 0
hansalemaos/sysmon2df
Captures Sysmon events and converts the output into pandas DataFrames / CSV
Language: Python - Size: 5 MB - Last synced: about 1 month ago - Pushed: almost 1 year ago - Stars: 0 - Forks: 0
cnnrshd/sysmon_utils
Utilities for working with and testing Sysmon configs against Windows Event Logs
Language: Python - Size: 40 KB - Last synced: 2 months ago - Pushed: 10 months ago - Stars: 0 - Forks: 0
Kara-4search/PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
Language: C# - Size: 2.19 MB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 17 - Forks: 8
jymcheong/SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Language: Python - Size: 51 MB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 65 - Forks: 21
j91321/ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.
Language: Jinja - Size: 1.78 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 18 - Forks: 3
Hestat/ossec-sysmon
A Ruleset to enhance detection capabilities of Ossec using Sysmon
Language: PowerShell - Size: 551 KB - Last synced: about 1 year ago - Pushed: about 2 years ago - Stars: 69 - Forks: 22
signorrayan/SplunkThreatHunting
This repository contains Splunk queries to hunt some anomalies
Size: 290 KB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 14 - Forks: 5
ScriptIdiot/SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
Language: C - Size: 63.5 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 71 - Forks: 14
LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs
Language: C# - Size: 1.82 MB - Last synced: about 1 year ago - Pushed: almost 3 years ago - Stars: 61 - Forks: 5
chalvorson/sysmon-config Fork of threathunting/sysmon-config
Sysmon configuration file template from SwiftOnSecurity with a few PRs merged and install/updates scripts from threathunting.
Language: Batchfile - Size: 109 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 1
j91321/sigma-playground
Simple browser playground for Sigma rule format.
Language: Vue - Size: 1.36 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 1 - Forks: 0
MrezaDorudian/HunterBee
A log-based Threat Hunting tool
Language: Python - Size: 563 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 5 - Forks: 0
Kara-4search/WindowsEventLogsBypass_Csharp
Bypass Windows event logs & Sysmon
Language: C# - Size: 45.9 KB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 14 - Forks: 2
purivikas/grafana-ase-sysmon-module
sysmon
Language: Awk - Size: 162 KB - Last synced: about 1 year ago - Pushed: over 6 years ago - Stars: 2 - Forks: 2
0daysimpson/Get-SysmonLogs
A PowerShell client for retrieving and searching Sysmon logs
Language: PowerShell - Size: 9.77 KB - Last synced: about 1 year ago - Pushed: almost 5 years ago - Stars: 5 - Forks: 2
zmbf0r3ns1cs/BF-ELK
Burnham Forensics ELK Deployment Files
Size: 240 KB - Last synced: about 5 hours ago - Pushed: about 5 years ago - Stars: 8 - Forks: 4
anil-yelken/tehditavciligi Fork of kaleakademi/tehditavciligi
Our Threat Hunting articles
Size: 27.3 KB - Last synced: about 1 year ago - Pushed: about 2 years ago - Stars: 1 - Forks: 1
SecurityJosh/MuteSysmon
A PowerShell script to prevent Sysmon from writing its events
Language: PowerShell - Size: 2.93 KB - Last synced: about 1 year ago - Pushed: about 4 years ago - Stars: 15 - Forks: 5
netiq-ps/ArcSight-Sysmon-FlexConnector Fork of S3COPS/ArcSight-Sysmon-FlexConnector
Microfocus ArcSight FlexConnector for Microsoft Sysmon tool
Size: 168 KB - Last synced: about 1 year ago - Pushed: almost 5 years ago - Stars: 0 - Forks: 0
stavhaygn/sysmon-modular Fork of olafhartong/sysmon-modular
A repository of sysmon configuration modules
Language: PowerShell - Size: 4.3 MB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 1 - Forks: 0
stavhaygn/APTLab-Environment Fork of clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
Language: HTML - Size: 189 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 1
kaiiyer/detections
Detection Logics for Threat Hunting
Language: Jupyter Notebook - Size: 19.5 KB - Last synced: about 5 hours ago - Pushed: over 2 years ago - Stars: 0 - Forks: 0
jamestiotio/SUTDiscourse
The platform for SUTD's community discussion. Free, open, simple.
Size: 130 KB - Last synced: 15 days ago - Pushed: over 2 years ago - Stars: 0 - Forks: 0
df3l0p/lab-builder
Lab-builder is an easy lab-builder environment that allows you to create several labs from the same code base and provides some sample labs (using Vagrant) ready for testing purposes (Windows domain lab, malware test lab, ...)
Language: Rich Text Format - Size: 21.6 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 3 - Forks: 1
morgant/sysmon-startupitem
Sysmon StartupItem/launchd job
Language: Shell - Size: 9.77 KB - Last synced: about 1 year ago - Pushed: over 3 years ago - Stars: 1 - Forks: 0
dim0x69/windows-hunting
Language: Go - Size: 2.93 KB - Last synced: about 1 year ago - Pushed: about 7 years ago - Stars: 4 - Forks: 2
ksmaheshkumar/sigma Fork of SigmaHQ/sigma
Generic Signature Format for SIEM Systems
Language: Makefile - Size: 1.93 MB - Last synced: about 1 year ago - Pushed: over 6 years ago - Stars: 0 - Forks: 0
maketsi/TA-TC-Sysmon
Sysmon addon for Splunk
Size: 72.3 KB - Last synced: about 1 year ago - Pushed: over 3 years ago - Stars: 0 - Forks: 1
Potato-Industries/gohima
Proof-of-concept intrusion mitigation tool written in Go for Windows (Sysmon event logs and Sigma .yml signature rules).
Language: Go - Size: 6.84 KB - Last synced: 11 months ago - Pushed: over 4 years ago - Stars: 2 - Forks: 1
1Dimitri/WixsharpSysmon
WixSharp-based installer MSI for Sysmon and rules from the SwiftOnSecurity project
Language: C# - Size: 10.7 KB - Last synced: about 1 year ago - Pushed: almost 3 years ago - Stars: 0 - Forks: 0
Ashton-Sidhu/sysmon-extract
Extract logs based off events from sysmon. Comes as a package, cli and ui.
Language: Python - Size: 42.1 MB - Last synced: 20 days ago - Pushed: almost 4 years ago - Stars: 3 - Forks: 1
seung7642/Secubot
Adaptive SIEM in BoB 7th
Language: JavaScript - Size: 11 MB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 1 - Forks: 0
Torxed/sysmon
Monitors system statistics and saves them in CSV file format.
Language: Python - Size: 16.6 KB - Last synced: 15 days ago - Pushed: about 5 years ago - Stars: 0 - Forks: 0
znb/sysmon-dfir Fork of MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Size: 83.4 MB - Last synced: about 1 year ago - Pushed: about 6 years ago - Stars: 0 - Forks: 0
znb/44Con-2018-Sysmon Fork of SecureDataLabs/44Con-2018-Sysmon
Sys Mon! Why yu nuh logging dat?
Language: Batchfile - Size: 13 MB - Last synced: about 1 year ago - Pushed: over 5 years ago - Stars: 0 - Forks: 0
znb/sysmon-modular Fork of olafhartong/sysmon-modular
A repository of sysmon configuration modules
Language: PowerShell - Size: 3.37 MB - Last synced: about 1 year ago - Pushed: over 5 years ago - Stars: 0 - Forks: 0
objectscript/deepsee-sysmon-dashboards Fork of dkutac/deepsee-sysmon-dashboard
DeepSee dashboards on top of various system metrics
Language: Visual Basic - Size: 2.27 MB - Last synced: about 2 months ago - Pushed: over 6 years ago - Stars: 4 - Forks: 4
mdavis332/sysmon-config Fork of ion-storm/sysmon-config
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Language: Batchfile - Size: 280 KB - Last synced: about 1 year ago - Pushed: almost 6 years ago - Stars: 1 - Forks: 2