SysmonTools
Event log analyzer
Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity.
Utilities for Sysmon
1k stars
94 watching
205 forks
last commit: 6 months ago
Linked from 1 awesome list
Tags: logging, monitoring, netsec, sysinternals, sysmon, threat-hunting, threat-intelligence, threatintel, windows
Related projects:
| Repository | Description | Stars |
|---|---|---|
| jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
| swiftonsecurity/sysmon-config | A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. | 4,803 |
| thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations. | 240 |
| mhaggis/sysmon-dfir | A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring. | 899 |
| yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 763 |
| sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,188 |
| ion-storm/sysmon-config | A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. | 775 |
| reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware. | 29 |
| activecm/beaker | Aggregates Microsoft Sysmon network events with Elasticsearch and Kibana for threat hunting analysis. | 285 |
| wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules. | 680 |
| sysinternals/sysmonforlinux | A tool for monitoring system activity and logging events on Linux systems. | 1,746 |
| scarredmonk/sysmonsimulator | A utility to simulate Windows event logs for testing EDR detections and correlation rules. | 833 |
| sivasamyk/logtrail | A Kibana plugin to view, analyze, and search log events from multiple hosts in real-time with a centralized interface. | 1,398 |
| yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods. | 556 |
| zqqf16/sym | An app for processing and analyzing crash logs from various frameworks. | 594 |