sysmon-config
System monitor
A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility.
Advanced Sysmon ATT&CK configuration that focuses on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic-artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk-scoring CVE, UEBA, forensic, and MITRE ATT&CK events.
780 stars
89 watching
143 forks
Language: PowerShell
last commit: over 1 year ago
Topics: dfir, digitalforensics, forensic-analysis, forensicartifacts, forensics, graylog, graylog-plugin, humio, logging, mitre-attack, netsec, siem, sigma-rules, sysinternals, sysmon, threat-analysis, threat-hunting, threat-intelligence, threat-sharing, threatintel
Related projects:
| Repository | Description | Stars |
|---|---|---|
| | A PowerShell-based EDR system with Sysmon integration to detect and respond to security threats. | 218 |
| | A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. | 4,828 |
| | A remotely-accessible system performance monitoring and task management tool for servers and Raspberry Pi setups. | 191 |
| | A repository of customizable Sysmon configuration modules for security analysis and threat hunting. | 2,678 |
| | A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring. | 901 |
| | A system monitor that provides real-time usage data of Linux systems via a web browser or mobile clients. | 117 |
| | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
| | A Linux system monitoring tool with task management features similar to Windows Task Manager. | 690 |
| | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 419 |
| | A comprehensive Sysmon configuration file template with default high-quality event tracing. | 457 |
| | An application indicator for monitoring system parameters such as CPU temperature, memory usage, network speed and public IP address. | 735 |
| | A fast and extensible system for processing JSON events from security monitoring tools. | 51 |
| | A utility to simulate Windows event logs for testing EDR detections and correlation rules. | 836 |