SysmonSimulator
Event simulator
A utility to simulate Windows event logs for testing EDR detections and correlation rules.
A Sysmon event simulation utility that can be used to simulate attacks and generate the corresponding Sysmon event logs, so that blue teams can test EDR detections and correlation rules.
833 stars
20 watching
109 forks
Language: C
Last commit: almost 3 years ago

Related projects:

| Repository | Description | Stars |
|---|---|---|
| jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
| alphasoc/flightsim | A utility to generate malicious network traffic patterns and evaluate security controls. | 1,264 |
| sea-erkin/log-snare | A web application designed to simulate vulnerabilities and demonstrate the importance of proper validation and logging. | 31 |
| nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
| securityriskadvisors/vectr | A tool for simulating and tracking adversary threats to measure detection and prevention capabilities. | 1,393 |
| interana/eventsim | Generates event data to simulate real-world user behavior for testing and development purposes. | 505 |
| andresionek91/fake-web-events | Generates semi-random web events with configurable probabilities and constraints to mimic real-world scenarios. | 80 |
| dsnezhkov/racketeer | A toolkit for simulating and testing ransomware operations in a controlled environment. | 68 |
| zombiecraig/icsim | A tool for simulating an instrument cluster's display based on CAN packet data from a virtual CAN interface. | 804 |
| azure/simuland | A collaboration to create realistic test environments for simulating real-world attacks and improving detection strategies. | 703 |
| ion-storm/sysmon-config | A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. | 775 |
| nextronsystems/ransomware-simulator | A tool to simulate ransomware behavior for testing antivirus software. | 409 |
| n0dec/malwless | A tool designed to simulate system compromise or attack behaviors without running processes or PoCs. | 271 |
| swiftonsecurity/sysmon-config | A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. | 4,810 |
| mhaggis/sysmon-dfir | A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring. | 899 |