sysmon-config
System monitoring configuration
A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing.
Sysmon configuration file template with default high-quality event tracing
5k stars
356 watching
2k forks
last commit: 5 months ago
Linked from 4 awesome lists
Topics: logging, monitoring, netsec, sysinternals, sysmon, threat-hunting, threatintel, windows
Related projects:
Repository | Description | Stars
---|---|---
neo23x0/sysmon-config | A comprehensive Sysmon configuration file template with default high-quality event tracing | 454 |
ion-storm/sysmon-config | A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. | 775 |
trustedsec/sysmoncommunityguide | A community-driven guide to configuring and using the Sysmon security monitoring tool | 1,147 |
nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
olafhartong/sysmon-modular | A repository of customizable Sysmon configuration modules for security analysis and threat hunting. | 2,661 |
mhaggis/sysmon-dfir | A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring. | 899 |
sysinternals/sysmonforlinux | A tool for monitoring system activity and logging events on Linux systems | 1,746 |
gridhead/sysmon | A remotely-accessible system performance monitoring and task management tool for servers and Raspberry Pi setups | 191 |
lt0/sysmon | A system monitor that provides real-time usage data of Linux systems via a web browser or mobile clients. | 117 |
jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
scarredmonk/sysmonsimulator | A utility to simulate Windows event logs for testing EDR detections and correlation rules | 833 |
ion-storm/sysmon-edr | A PowerShell-based EDR system with Sysmon integration to detect and respond to security threats. | 218 |
marcosd4h/sysmonx | A drop-in replacement for Sysmon that enhances its security features and data collection capabilities. | 210 |
swiftonsecurity/orgkit | Automates the setup of a secure Microsoft environment for a new company | 597 |
usnistgov/macos_security | Provides automated security guidance and configuration settings for macOS systems. | 1,792 |