SysmonSearch
Event log analyzer
Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations.
Investigate suspicious activity by visualizing Sysmon's event log
417 stars
43 watching
58 forks
Language: JavaScript
last commit: 11 months ago
Linked from 1 awesome list
Topics: elasticsearch, kibana, security, stix, stix2, sysmon
Related projects:
Repository | Description | Stars |
---|---|---|
nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
jpcertcc/toolanalysisresultsheet | An HTML-based tool for analyzing and visualizing log data from Windows execution of malicious tools to detect lateral movement. | 345 |
sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,188 |
confluentinc/confluent-sigma | A tool for analyzing and visualizing log events using structured rules | 52 |
activecm/beaker | Aggregates Microsoft Sysmon network events with Elasticsearch and Kibana for threat hunting analysis | 285 |
thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |
scarredmonk/sysmonsimulator | A utility to simulate Windows event logs for testing EDR detections and correlation rules | 833 |
yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 763 |
cgosec/blauhaunt | A tool collection for analyzing and visualizing logon events to help answer security-related questions | 161 |
airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 36 |
sivasamyk/logtrail | A Kibana plugin to view, analyze, and search log events from multiple hosts in real-time with a centralized interface. | 1,398 |
reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
quarkslab/irma | An asynchronous analysis system for suspicious files | 269 |
wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 680 |
dcso/fever | A fast and extensible system for processing JSON events from security monitoring tools | 50 |