sysmon-dfir
Sysmon toolkit
A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring.
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
901 stars
114 watching
184 forks
last commit: about 1 year ago
Linked from 1 awesome list
sysmon
0x4d31/awesome-threat-detectionRelated projects:
| Repository | Description | Stars |
|---|---|---|
 olafhartong/sysmon-modular | A repository of customizable Sysmon configuration modules for security analysis and threat hunting. | 2,678 |
 ion-storm/sysmon-config | A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. | 780 |
 nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
 swiftonsecurity/sysmon-config | A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. | 4,828 |
| ion-storm/sysmon-edr | A PowerShell-based EDR system with Sysmon integration to detect and respond to security threats. | 218 |
| mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
 trustedsec/sysmoncommunityguide | A community-driven guide to configuring and using the Sysmon security monitoring tool | 1,156 |
 sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
 sannykim/solsec | A collection of resources to study Solana smart contract security, auditing, and exploits. | 624 |
 neo23x0/sysmon-config | A comprehensive Sysmon configuration file template with default high-quality event tracing | 457 |
 jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 419 |
 gridhead/sysmon | A remotely-accessible system performance monitoring and task management tool for servers and Raspberry Pi setups | 191 |
 scarredmonk/sysmonsimulator | A utility to simulate Windows event logs for testing EDR detections and correlation rules | 836 |
 gistairc/hs-sod | Provides a dataset and tools for testing salient object detection models on hyperspectral images | 55 |
 dynetics/malfunction | Tools for analyzing and comparing malware at a function level using fuzzy hashing algorithms | 192 |