Topic: "sysmon"
SigmaHQ/sigma
Main Sigma Rule Repository
Language: Python - Size: 42.4 MB - Last synced at: 6 days ago - Pushed at: 10 days ago - Stars: 9,155 - Forks: 2,321

SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
Size: 464 KB - Last synced at: about 1 month ago - Pushed at: 10 months ago - Stars: 4,954 - Forks: 1,740

crazy-max/WindowsSpyBlocker
Block spying and tracking on Windows
Language: Go - Size: 36.5 MB - Last synced at: 28 days ago - Pushed at: 3 months ago - Stars: 4,794 - Forks: 368

clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
Language: HTML - Size: 190 MB - Last synced at: 14 days ago - Pushed at: 10 months ago - Stars: 4,737 - Forks: 993

OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Language: Python - Size: 32.9 MB - Last synced at: 7 days ago - Pushed at: about 1 year ago - Stars: 4,195 - Forks: 827

olafhartong/sysmon-modular
A repository of sysmon configuration modules
Language: PowerShell - Size: 4.68 MB - Last synced at: about 1 month ago - Pushed at: 9 months ago - Stars: 2,755 - Forks: 613
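Both SwiftOnSecurity/sysmon-config and olafhartong/sysmon-modular are shipped as Sysmon XML filter configurations, and the usual mistake when trimming or merging such templates is leaving a filter element empty, which silently inverts what gets logged: an `onmatch="include"` filter with no rules logs nothing of that event type, while an `onmatch="exclude"` filter with no rules logs everything of that type. The following is an added example, not code from either project, that audits a config for exactly that. It assumes the `EventFiltering`/`RuleGroup` layout Sysmon uses; the sample config and the function names are constructed for the example.

```python
"""Static audit of a Sysmon XML configuration.

Added example; not code from sysmon-config, sysmon-modular or any other
project on this page.  It relies on two Sysmon filter semantics: an
onmatch="include" filter with no rules logs nothing of that event type, and
an onmatch="exclude" filter with no rules logs every event of that type.
The sample config and the function names are constructed for this example.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the RuleGroup layout used by current templates, plus one
# bare filter placed directly under EventFiltering (older layout).
SAMPLE_CONFIG = """<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256,IMPHASH</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\\Windows\\system32\\svchost.exe</Image>
        <Rule groupRelation="and">
          <Image condition="end with">\\MsMpEng.exe</Image>
          <CommandLine condition="contains">-Exe</CommandLine>
        </Rule>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <ProcessAccess onmatch="include">
        <TargetImage condition="is">C:\\Windows\\system32\\lsass.exe</TargetImage>
      </ProcessAccess>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <DriverLoad onmatch="exclude"/>
    </RuleGroup>
    <ProcessTerminate onmatch="include"/>
  </EventFiltering>
</Sysmon>
"""


def iter_filters(root):
    """Yield (event_type, onmatch, leaf_rule_count) for every filter element,
    whether it sits inside a <RuleGroup> or directly under <EventFiltering>."""
    event_filtering = root.find("EventFiltering")
    if event_filtering is None:
        return
    for child in event_filtering:
        filters = list(child) if child.tag == "RuleGroup" else [child]
        for flt in filters:
            # <Rule> is only a grouping wrapper (groupRelation and/or); every
            # other element below the filter is a leaf condition.
            leaves = [e for e in flt.iter() if e is not flt and e.tag != "Rule"]
            yield flt.tag, flt.get("onmatch", "").lower(), len(leaves)


def audit_config(xml_text):
    """Summarise a Sysmon config and flag filters whose emptiness changes
    logging behaviour.  Returns schemaversion, hash_algorithms,
    filters[event_type][onmatch] = leaf rule count, and a findings list of
    (level, event_type, message) tuples."""
    root = ET.fromstring(xml_text)
    filters = defaultdict(dict)
    findings = []
    for event_type, onmatch, count in iter_filters(root):
        filters[event_type][onmatch] = filters[event_type].get(onmatch, 0) + count
        if onmatch not in ("include", "exclude"):
            findings.append(("error", event_type, "missing or invalid onmatch attribute"))
        elif count == 0 and onmatch == "include":
            findings.append(("warn", event_type,
                             "empty include filter: no events of this type will be logged"))
        elif count == 0 and onmatch == "exclude":
            findings.append(("info", event_type,
                             "empty exclude filter: every event of this type will be logged; check volume"))
    return {
        "schemaversion": root.get("schemaversion"),
        "hash_algorithms": (root.findtext("HashAlgorithms") or "").strip(),
        "filters": dict(filters),
        "findings": findings,
    }


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG)
    print("schema", result["schemaversion"], "hashes", result["hash_algorithms"])
    for event_type, counts in sorted(result["filters"].items()):
        print(f"  {event_type}: {counts}")
    for level, event_type, message in result["findings"]:
        print(f"[{level}] {event_type}: {message}")
```

Run it against the merged output of a modular build rather than the individual module files, since a module on its own is often an intentionally empty or partial group. An event type that has no filter at all is not reported, because in that case Sysmon's own per-event defaults apply and those are a matter for the Sysmon documentation rather than this check. Include and exclude filters for the same event type are both honoured by Sysmon and are tallied separately here.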

nshalabi/SysmonTools
Utilities for Sysmon
Size: 1.37 GB - Last synced at: about 1 month ago - Pushed at: 2 months ago - Stars: 1,512 - Forks: 205

0xrawsec/whids
Open Source EDR for Windows
Language: Go - Size: 10.3 MB - Last synced at: about 1 month ago - Pushed at: about 2 years ago - Stars: 1,202 - Forks: 145

netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Language: HCL - Size: 43.1 MB - Last synced at: 6 months ago - Pushed at: over 1 year ago - Stars: 1,056 - Forks: 207

MHaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Size: 86.5 MB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 912 - Forks: 184

ion-storm/sysmon-config Fork of SwiftOnSecurity/sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic and MITRE ATT&CK events.
Language: PowerShell - Size: 1.56 MB - Last synced at: 12 months ago - Pushed at: over 1 year ago - Stars: 752 - Forks: 141

wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Language: Python - Size: 61 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 705 - Forks: 96

Yamato-Security/EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
Language: Batchfile - Size: 1.14 MB - Last synced at: 6 months ago - Pushed at: over 1 year ago - Stars: 556 - Forks: 51

RoomaSec/RmEye
RmEye (戎码之眼) is a Windows threat-monitoring tool based on the ATT&CK model. It effectively detects common unknown and known threats; a sharp sword for the defender.
Language: Python - Size: 8.82 MB - Last synced at: 6 months ago - Pushed at: over 1 year ago - Stars: 475 - Forks: 69

JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
Language: JavaScript - Size: 6.75 MB - Last synced at: 18 days ago - Pushed at: over 1 year ago - Stars: 421 - Forks: 57

wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · A powerful endpoint behaviour collection and defense development kit, intended to let endpoint security software (EDR, zero trust, data security, audit and control) implement product features quickly without having to handle the development, maintenance and compatibility of the underlying driver, so developers can focus on business logic.
Language: C++ - Size: 58.1 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 346 - Forks: 82

n0dec/MalwLess
Test Blue Team detections without running any attack.
Language: C# - Size: 248 KB - Last synced at: 3 months ago - Pushed at: about 1 year ago - Stars: 272 - Forks: 58

yarox24/attack_monitor
Endpoint detection & Malware analysis software
Language: Python - Size: 5.79 MB - Last synced at: about 2 months ago - Pushed at: over 5 years ago - Stars: 230 - Forks: 58

matterpreter/Shhmon
Neutering Sysmon via driver unload
Language: C# - Size: 895 KB - Last synced at: 28 days ago - Pushed at: over 2 years ago - Stars: 227 - Forks: 37

ion-storm/sysmon-edr
Sysmon EDR proof of concept built in PowerShell to demonstrate the approach.
Language: PowerShell - Size: 2.5 MB - Last synced at: 6 days ago - Pushed at: about 4 years ago - Stars: 224 - Forks: 27

AustralianCyberSecurityCentre/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Language: PowerShell - Size: 72.3 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 216 - Forks: 52

ine-labs/ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
Language: Python - Size: 20.3 MB - Last synced at: 17 days ago - Pushed at: almost 2 years ago - Stars: 120 - Forks: 13

ScriptIdiot/SysmonQuiet
Reflective DLL for Cobalt Strike Beacon to silence the Sysmon process
Language: C - Size: 63.5 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 71 - Forks: 14

Hestat/ossec-sysmon
A ruleset to enhance the detection capabilities of OSSEC using Sysmon
Language: PowerShell - Size: 551 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 69 - Forks: 22

jymcheong/SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Language: Python - Size: 51 MB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 65 - Forks: 21

huoji120/DuckSysEye
SysEye is a Windows threat-response tool based on ATT&CK and modern EDR design ideas. It effectively detects common unknown and known threats; a sharp sword for the defender.
Size: 3.23 MB - Last synced at: 9 months ago - Pushed at: over 2 years ago - Stars: 63 - Forks: 10

LaresLLC/SysmonConfigPusher
Pushes Sysmon Configs
Language: C# - Size: 1.82 MB - Last synced at: about 2 years ago - Pushed at: almost 4 years ago - Stars: 61 - Forks: 5

sametsazak/sysmon
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
Size: 28.3 KB - Last synced at: about 1 year ago - Pushed at: almost 4 years ago - Stars: 55 - Forks: 16

MHaggis/sysmon-splunk-app
Sysmon Splunk App
Size: 41 KB - Last synced at: 28 days ago - Pushed at: over 6 years ago - Stars: 46 - Forks: 16

MHaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
Size: 18.6 KB - Last synced at: 28 days ago - Pushed at: about 8 years ago - Stars: 38 - Forks: 7

jhochwald/Universal-Winlogbeat-configuration 📦
Universal Winlogbeat configuration
Size: 88.9 KB - Last synced at: 1 day ago - Pushed at: about 3 years ago - Stars: 33 - Forks: 5

olafhartong/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
Language: Batchfile - Size: 938 KB - Last synced at: 3 months ago - Pushed at: almost 5 years ago - Stars: 31 - Forks: 13

bobby-tablez/Enable-All-The-Logs
This script increases endpoint logging telemetry for advanced malware threat detection, for building detections, or for malware analysis. It can be used in production, but you may want to tune the GPO edits as needed.
Language: PowerShell - Size: 585 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 28 - Forks: 6

Kara-4search/PEB-PPIDspoofing_Csharp
Command line & PPID spoofing
Language: C# - Size: 2.19 MB - Last synced at: 18 days ago - Pushed at: about 2 years ago - Stars: 26 - Forks: 9

ceramicskate0/SWELF
Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser that simply works. Nearly full release available at https://github.com/ceramicskate0/SWELF/releases/latest.
Language: C# - Size: 1.95 MB - Last synced at: 17 days ago - Pushed at: almost 2 years ago - Stars: 24 - Forks: 7

ajackal/ir_scripts
Incident response scripts
Language: PowerShell - Size: 12.7 KB - Last synced at: 25 days ago - Pushed at: about 6 years ago - Stars: 19 - Forks: 3

lab52io/Syspce
System Processes Correlation Engine
Language: Python - Size: 10.4 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 5

j91321/ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.
Language: Jinja - Size: 1.78 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 18 - Forks: 3

Kara-4search/WindowsEventLogsBypass_Csharp
Bypass Windows event logs & Sysmon
Language: C# - Size: 45.9 KB - Last synced at: 18 days ago - Pushed at: over 3 years ago - Stars: 16 - Forks: 2

SecurityJosh/MuteSysmon
A PowerShell script to prevent Sysmon from writing its events
Language: PowerShell - Size: 2.93 KB - Last synced at: about 2 years ago - Pushed at: about 5 years ago - Stars: 15 - Forks: 5
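Several entries above (matterpreter/Shhmon, ScriptIdiot/SysmonQuiet, Kara-4search/WindowsEventLogsBypass_Csharp, SecurityJosh/MuteSysmon) exist to stop Sysmon from reporting, whether by unloading its driver, tampering with the process, or blocking event writes. The defender's counterpart is to treat Sysmon's own state as a detection target. The following is an added example, not code from any of those projects, that scans a constructed stream of Sysmon events for four tamper indicators: event ID 4 reporting the service stopped, event ID 16 carrying a configuration hash other than the deployed baseline, event ID 10 access to the Sysmon process with write or terminate rights, and an fltmc.exe unload command line, plus a silence check for the case where the sensor simply stops producing events. Field names follow Sysmon's EventData names; the baseline hash, the sample events, the function names and the assumption that Sysmon keeps its default binary name are all made for the example.

```python
"""Indicators that Sysmon itself is being tampered with, evaluated over a
constructed list of Sysmon events.

Added example; not code from Shhmon, SysmonQuiet, MuteSysmon or any other
project on this page.  Assumptions: events have already been flattened from
EVTX into dicts keyed by Sysmon's EventData field names; the Sysmon binary
keeps its default name (Sysmon.exe / Sysmon64.exe); and the config includes
a ProcessAccess rule targeting Sysmon's own image so event ID 10 is produced
for it.  EXPECTED_CONFIG_HASH and SAMPLE_EVENTS are constructed.
"""
from datetime import datetime, timedelta

# Baseline: the ConfigurationFileHash from the event ID 16 logged when the
# approved config was deployed.  Constructed placeholder value here.
EXPECTED_CONFIG_HASH = "SHA256=" + "0" * 64

# Access-right bits of interest in the GrantedAccess mask of event ID 10.
PROCESS_TERMINATE = 0x0001
PROCESS_VM_WRITE = 0x0020

SAMPLE_EVENTS = [  # constructed; one benign event at the end
    {"EventID": 1, "UtcTime": "2024-05-01 10:00:00.000",
     "Image": "C:\\Windows\\System32\\fltMC.exe",
     "CommandLine": "fltMC.exe unload SysmonDrv",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 16, "UtcTime": "2024-05-01 10:01:00.000",
     "Configuration": "C:\\Windows\\Temp\\quiet.xml",
     "ConfigurationFileHash": "SHA256=" + "1" * 64},
    {"EventID": 10, "UtcTime": "2024-05-01 10:02:00.000",
     "SourceImage": "C:\\Users\\Public\\beacon.exe",
     "TargetImage": "C:\\Windows\\Sysmon64.exe",
     "GrantedAccess": "0x1FFFFF"},
    {"EventID": 4, "UtcTime": "2024-05-01 10:03:00.000",
     "State": "Stopped", "Version": "15.14"},
    {"EventID": 1, "UtcTime": "2024-05-01 10:04:00.000",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def parse_utc(stamp):
    """Sysmon writes UtcTime as 'YYYY-MM-DD HH:MM:SS.mmm'."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")


def check_event(ev):
    """Return (indicator, detail) tuples for one event; empty if nothing fires."""
    eid = ev.get("EventID")
    hits = []
    if eid == 4 and ev.get("State") == "Stopped":
        hits.append(("sysmon_service_stopped", f"version {ev.get('Version', '?')}"))
    elif eid == 16:
        digest = ev.get("ConfigurationFileHash", "")
        if digest != EXPECTED_CONFIG_HASH:
            hits.append(("config_changed_unexpected_hash",
                         f"{ev.get('Configuration', '?')} {digest}"))
    elif eid == 10:
        target = ev.get("TargetImage", "").lower()
        granted = int(ev.get("GrantedAccess", "0x0"), 16)
        if target.endswith(("\\sysmon.exe", "\\sysmon64.exe")) and \
                granted & (PROCESS_VM_WRITE | PROCESS_TERMINATE):
            hits.append(("sysmon_process_access",
                         f"{ev.get('SourceImage', '?')} -> {hex(granted)}"))
    elif eid == 1:
        image = ev.get("Image", "").lower()
        cmdline = ev.get("CommandLine", "").lower()
        if image.endswith("\\fltmc.exe") and "unload" in cmdline:
            hits.append(("minifilter_unload_cmdline", ev.get("CommandLine", "")))
    return hits


def scan(events, now, max_silence=timedelta(minutes=30)):
    """Run check_event over a stream and add a silence check: if the newest
    event is older than max_silence relative to `now`, the sensor has gone
    quiet, which is what driver unload or a patched event-write path looks
    like from the collector's side.  Returns (utc_time, indicator, detail)."""
    findings = []
    newest = None
    for ev in events:
        stamp = parse_utc(ev["UtcTime"])
        newest = stamp if newest is None or stamp > newest else newest
        for indicator, detail in check_event(ev):
            findings.append((ev["UtcTime"], indicator, detail))
    if newest is None or now - newest > max_silence:
        findings.append((now.strftime("%Y-%m-%d %H:%M:%S.000"), "telemetry_silence",
                         f"no Sysmon events in the last {max_silence}"))
    return findings


if __name__ == "__main__":
    for stamp, indicator, detail in scan(SAMPLE_EVENTS, datetime(2024, 5, 1, 12, 0)):
        print(f"{stamp}  {indicator:32}  {detail}")
```

Two caveats a practitioner should keep in mind. First, these events only help if they leave the host before the tampering completes (for example via the WEF subscriptions in AustralianCyberSecurityCentre/windows_event_logging above): a tool that silences the Sysmon process or patches the event-write path also suppresses the event ID 4 and 16 records that would describe it, which is why the silence check is the catch-all. Second, the command-line rule only sees unloads performed through fltmc.exe; a tool that calls the filter-manager unload API directly produces no such command line, and a deployment that renames the Sysmon binary or driver changes both the TargetImage path and the driver name in the unload command, so adjust the string checks to your naming.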

signorrayan/SplunkThreatHunting
This repository contains Splunk queries to hunt some anomalies
Size: 290 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 14 - Forks: 5

bananagobananza/SysmonConfigurationBuilder
A web application for writing Sysmon configuration files
Language: JavaScript - Size: 12.3 MB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 10 - Forks: 0

ceramicskate0/sysmon-config Fork of SwiftOnSecurity/sysmon-config
CeramicSkate0's fork of the Sysmon configuration file template with default high-quality event tracing
Size: 625 KB - Last synced at: 17 days ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 0

mutedmouse/HELK4SO
This repository is for integrating HELK capabilities into Security Onion instances. It will be an evolving extension to both products and as such is not contributed directly to either HELK or Security Onion. Use at your own risk and enjoy.
Language: Shell - Size: 28.6 MB - Last synced at: about 2 hours ago - Pushed at: about 6 years ago - Stars: 9 - Forks: 2

0xrajneesh/Log-Analysis-Projects-for-Beginners
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
Size: 26.4 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 8 - Forks: 3

zmbf0r3ns1cs/BF-ELK
Burnham Forensics ELK Deployment Files
Size: 240 KB - Last synced at: 12 months ago - Pushed at: about 6 years ago - Stars: 8 - Forks: 4

Gerrnperl/ksysguard-colored-text
A ksysguard extension intended to provide a clear visualization of the sensor data.
Language: QML - Size: 80.1 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 6 - Forks: 2

bonifield/splunk_on_security_onion
Splunk configs for Security Onion
Size: 409 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 1

KnightChaser/aesir
A simple System Monitor (Sysmon) EVTX inspector: search, visualize, and track Sysmon events
Language: Go - Size: 1.48 MB - Last synced at: 4 days ago - Pushed at: 11 months ago - Stars: 5 - Forks: 1

MrezaDorudian/HunterBee
A log-based Threat Hunting tool
Language: Python - Size: 563 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 5 - Forks: 0

crazyeights225/WinEventLogExplorer
Capture all events across all logs produced while a particular exploit/script runs. Search and filter events.
Language: PowerShell - Size: 1.26 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 5 - Forks: 0

0daysimpson/Get-SysmonLogs
A PowerShell client for retrieving and searching Sysmon logs
Language: PowerShell - Size: 9.77 KB - Last synced at: about 2 years ago - Pushed at: almost 6 years ago - Stars: 5 - Forks: 2

vastlimits/uberAgent-ESA-Sysmon-Converter
Converts Sysmon rules to uberAgent ESA Threat Detection rules
Language: C# - Size: 309 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 4 - Forks: 1

EdwardsCP/HuntExes
Language: PowerShell - Size: 686 KB - Last synced at: over 1 year ago - Pushed at: about 4 years ago - Stars: 4 - Forks: 0

objectscript/deepsee-sysmon-dashboards Fork of dkutac/deepsee-sysmon-dashboard
DeepSee dashboards on top of various system metrics
Language: Visual Basic - Size: 2.27 MB - Last synced at: about 1 year ago - Pushed at: over 7 years ago - Stars: 4 - Forks: 4

dim0x69/windows-hunting
Language: Go - Size: 2.93 KB - Last synced at: about 2 years ago - Pushed at: about 8 years ago - Stars: 4 - Forks: 2

ZephrFish/blind
A BOF for patching AMSI, ETW and NtTraceEvent (aka Sysmon) using trampolines
Language: C - Size: 17.6 KB - Last synced at: 3 days ago - Pushed at: 15 days ago - Stars: 3 - Forks: 0

Kirtar22/Presentations
Presentations
Language: PowerShell - Size: 32.6 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 3 - Forks: 3

thejanit0r/sysmon-bin2xml
Utility to convert Sysinternals' Sysmon binary configuration to XML
Language: Python - Size: 4.47 MB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 3 - Forks: 0

df3l0p/lab-builder
Lab-builder is an easy lab-building environment that lets you create several labs from the same code base and provides some sample labs (using Vagrant) ready for testing (Windows domain lab, malware test lab, ...)
Language: Rich Text Format - Size: 21.6 MB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 3 - Forks: 1

Ashton-Sidhu/sysmon-extract
Extract logs based on Sysmon events. Comes as a package, CLI and UI.
Language: Python - Size: 42.1 MB - Last synced at: 5 days ago - Pushed at: almost 5 years ago - Stars: 3 - Forks: 1

scrymastic/edr-agent
A tool for monitoring system events and sending relevant information to the EDR server for further analysis and response.
Language: C++ - Size: 220 KB - Last synced at: about 2 months ago - Pushed at: 10 months ago - Stars: 2 - Forks: 0

kaiiyer/detections
Detection Logics for Threat Hunting
Language: Jupyter Notebook - Size: 19.5 KB - Last synced at: 6 days ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 0

sankyhack/ExtractLOLBin
Script to fetch LOLBin details from Security and Sysmon EVTX files.
Language: PowerShell - Size: 27.3 KB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 2

Potato-Industries/gohima
Proof-of-concept intrusion mitigation tool written in Go for Windows (Sysmon event logs and Sigma .yml signature rules).
Language: Go - Size: 6.84 KB - Last synced at: almost 2 years ago - Pushed at: over 5 years ago - Stars: 2 - Forks: 1

purivikas/grafana-ase-sysmon-module
sysmon
Language: Awk - Size: 162 KB - Last synced at: about 2 years ago - Pushed at: over 7 years ago - Stars: 2 - Forks: 2

cridin1/pwsh-execution-analysis
Analyzing PowerShell execution on Windows systems.
Language: PowerShell - Size: 5.79 MB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 1 - Forks: 0

Asmae-Amahrouk/Sysmon-Wazuh
Implementing a comprehensive and scalable security monitoring solution for Windows endpoints.
Size: 1.23 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 1 - Forks: 0

aymenmarjan/MISP-Wazuh-Integration
A comprehensive integration solution connecting MISP threat intelligence with Wazuh security monitoring for real-time threat detection. This project provides step-by-step instructions for deploying, configuring, and integrating MISP and Wazuh with Sysmon to automatically detect indicators of compromise (IoCs) in your environment.
Size: 3.54 MB - Last synced at: 29 days ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

zake1god/sysmon-config-with-cmd Fork of SwiftOnSecurity/sysmon-config
Custom Sysmon configuration that adds CMD and PowerShell logging, by Zake
Size: 409 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

dikayx/elk-siem 📦
A lightweight SIEM solution using the ELK stack, Docker, Winlogbeat and Sysmon for efficient log collection and analysis.
Language: Shell - Size: 1010 KB - Last synced at: 2 months ago - Pushed at: 5 months ago - Stars: 1 - Forks: 0

Alex-Walston/Detection-Rules
Collection of detection and hunting rules (Google Chronicle, YARA-L), mainly using CrowdStrike and Sysmon logs.
Size: 27.3 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 1 - Forks: 0

KnightChaser/docker-elk-winlogbeat
Integrated Windows endpoint log management (Docker + ELK(ElasticSearch, Logstash, Kibana) + Winlogbeat based)
Language: Shell - Size: 938 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

homeinfogmbh/typo3-sysmon2
SysMon2 plugin for Typo3
Language: CSS - Size: 2.18 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

chalvorson/sysmon-config Fork of threathunting/sysmon-config
Sysmon configuration file template from SwiftOnSecurity with a few PRs merged and install/updates scripts from threathunting.
Language: Batchfile - Size: 109 KB - Last synced at: about 1 month ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 1

j91321/sigma-playground
Simple browser playground for Sigma rule format.
Language: Vue - Size: 1.36 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

stavhaygn/sysmon-modular Fork of olafhartong/sysmon-modular
A repository of sysmon configuration modules
Language: PowerShell - Size: 4.3 MB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 1 - Forks: 0

seung7642/Secubot
Adaptive SIEM in BoB 7th
Language: JavaScript - Size: 11 MB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 1 - Forks: 0

anil-yelken/tehditavciligi Fork of kaleakademi/tehditavciligi
Our Threat Hunting (Tehdit Avcılığı) articles
Size: 27.3 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 1

sduff/sysmon-config Fork of SwiftOnSecurity/sysmon-config
Ransomware focused Sysmon configuration file template with default high-quality event tracing
Size: 365 KB - Last synced at: almost 2 years ago - Pushed at: about 4 years ago - Stars: 1 - Forks: 0

morgant/sysmon-startupitem
Sysmon StartupItem/launchd job
Language: Shell - Size: 9.77 KB - Last synced at: 2 days ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 0

mdavis332/sysmon-config Fork of ion-storm/sysmon-config
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Language: Batchfile - Size: 280 KB - Last synced at: about 2 years ago - Pushed at: almost 7 years ago - Stars: 1 - Forks: 2

Akkarykkj/SysmonConfigurationBuilder
A web application for writing Sysmon configuration files
Language: JavaScript - Size: 7.73 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 0 - Forks: 0

homeinfogmbh/sysmon
Systems monitoring tool
Language: Python - Size: 782 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 0 - Forks: 1

prakharvr02/Sysmon-Mini-Project
Analyzed Sysmon logs from a compromised system to trace malware behavior, environment changes, LOLBIN usage, and reverse shell attempts using tools like Invoke-WebRequest and JuicyPotato.
Size: 88.9 KB - Last synced at: 24 days ago - Pushed at: 24 days ago - Stars: 0 - Forks: 0

KnightChaser/SysmonSimulator
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Go
Language: Go - Size: 3.04 MB - Last synced at: about 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

humzaakhtarr/ElasticSearch-using-Sysmon
A step-by-step guide to setting up a SIEM using the Elastic web portal and Sysmon: install Sysmon on a Windows machine, generate a few security events with PowerShell commands, forward the records to the SIEM, and query and analyze the logs with Kibana.
Size: 3.91 KB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

Ghost-7A/Attack-Technique-Emulation-Wazuh
A project showcasing attack technique emulation using MITRE ATT&CK and detection with Wazuh, Sysmon, and Atomic Red Team.
Size: 1.53 MB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

norandom/log2ml
Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming
Language: Jupyter Notebook - Size: 3.39 MB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

uruc/Active-Directory-Lab
This project sets up an Active Directory environment and configures Splunk to ingest events from a Windows Server and a target machine. We perform a brute force attack using Kali Linux to observe telemetry and use Atomic Red Team for additional testing. Goals: enhance IT administration skills, event monitoring, and threat detection.
Size: 5.01 MB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

alt-react/Active-Directory-Home-Lab
Designing and implementing a home lab of four virtual machines on a virtual network, for use in professional IT portfolio projects.
Size: 368 KB - Last synced at: about 1 month ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

avulman/active-directory-project
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.
Size: 157 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

hongson11698/EnableLog
Windows Enable Log Scripts
Language: PowerShell - Size: 45.9 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

KnightChaser/sentinela
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Language: Go - Size: 24.4 KB - Last synced at: about 2 months ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

thijsputman/sysmon-mqtt
Simple system monitoring over MQTT
Language: Shell - Size: 159 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

KnightChaser/WindowsSystemMonitor
Sysmon policies practice as XML
Language: XML - Size: 15.6 KB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

totemtechnologies/Sysmon-Tools
Size: 149 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

mohamedaymenkarmous/EDR-Process-Explorer
This project shows a graphical view of process execution relationships as a tree (HTML version)
Language: HTML - Size: 421 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

cnnrshd/sysmon_utils
Utilities for working with and testing Sysmon configs against Windows Event Logs
Language: Python - Size: 40 KB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hansalemaos/sysmon2df
Captures Sysmon events and converts the output into pandas DataFrames / CSV
Language: Python - Size: 5 MB - Last synced at: about 1 month ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0
