SysmonTools

Event log analyzer

Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity.

Utilities for Sysmon

GitHub

1k stars
94 watching
205 forks
last commit: 6 months ago
Linked from 1 awesome list

Tags: logging, monitoring, netsec, sysinternals, sysmon, threat-hunting, threat-intelligence, threatintel, windows

Related projects:

Repository (stars): Description

jpcertcc/sysmonsearch (417): Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations.
swiftonsecurity/sysmon-config (4,810): A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing.
thiber-org/userline (240): Automates analysis of Windows Security Events to identify user logon relations.
mhaggis/sysmon-dfir (899): A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring.
yamato-security/wela (763): Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response.
sans-blue-team/deepbluecli (2,190): A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats.
ion-storm/sysmon-config (775): A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility.
reed1713/elat (29): A toolset for analyzing Windows event logs to detect and analyze malware.
activecm/beaker (286): Aggregates Microsoft Sysmon network events with Elasticsearch and Kibana for threat hunting analysis.
wagga40/zircolite (680): A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules.
scarredmonk/sysmonsimulator (833): A utility to simulate Windows event logs for testing EDR detections and correlation rules.
sivasamyk/logtrail (1,398): A Kibana plugin to view, analyze, and search log events from multiple hosts in real time with a centralized interface.
yamato-security/enablewindowslogsettings (556): Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods.
zqqf16/sym (594): An app for processing and analyzing crash logs from various frameworks.