sysmon-dfir

Sysmon toolkit

A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring.

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

GitHub

899 stars
114 watching
183 forks
last commit: 12 months ago
Linked from 1 awesome list

sysmon

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
olafhartong/sysmon-modular A repository of customizable Sysmon configuration modules for security analysis and threat hunting. 2,661
ion-storm/sysmon-config A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. 775
nshalabi/sysmontools Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. 1,488
swiftonsecurity/sysmon-config A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. 4,803
ion-storm/sysmon-edr A PowerShell-based EDR system with Sysmon integration to detect and respond to security threats. 218
mhaggis/hunt-detect-prevent A collection of resources and tools for detecting and preventing malicious activity on Windows systems. 162
trustedsec/sysmoncommunityguide A community-driven guide to configuring and using the Sysmon security monitoring tool 1,147
sbousseaden/slides Collection of resources and concepts for threat hunting and detection engineering. 372
sannykim/solsec A collection of resources to study Solana smart contract security, auditing, and exploits. 610
neo23x0/sysmon-config A comprehensive Sysmon configuration file template with default high-quality event tracing 454
jpcertcc/sysmonsearch Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. 417
gridhead/sysmon A remotely-accessible system performance monitoring and task management tool for servers and Raspberry Pi setups 191
scarredmonk/sysmonsimulator A utility to simulate Windows event logs for testing EDR detections and correlation rules 833
gistairc/hs-sod Provides a dataset and tools for testing salient object detection models on hyperspectral images 54
dynetics/malfunction Tools for analyzing and comparing malware at a function level using fuzzy hashing algorithms 191