SysmonSimulator

Event simulator

A utility to simulate Windows event logs for testing EDR detections and correlation rules

A Sysmon event simulation utility that reproduces attack behaviours on a host so that the corresponding Sysmon event logs are generated, letting blue teams test EDR detections and correlation rules against known-bad telemetry.

GitHub

836 stars
20 watching
109 forks
Language: C
last commit: almost 3 years ago
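The description above covers generating Sysmon events so that a detection or correlation rule can be checked against them. The following is an added example, not code from SysmonSimulator or from this page: it builds a handful of constructed Sysmon-style XML events (Event ID 1 ProcessCreate and Event ID 3 NetworkConnect, with made-up GUIDs, paths and addresses, the kind of records a simulator run would leave in the Sysmon channel), parses them, and runs one correlation rule over them: an Office application spawns a script host that initiates an outbound connection within a time window. The field names follow Sysmon's event schema; the process lists, the 60-second window and all sample data are assumptions made for illustration.

```python
"""Run a Sysmon correlation rule over constructed ProcessCreate/NetworkConnect events.

Added example, not SysmonSimulator's code. All events below are hand-built
sample data in Sysmon's XML schema; GUIDs, paths and IP addresses are made up.
"""
import ntpath
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Rule parameters (assumptions for this example, tune to your environment).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def _event(eid, utc, **fields):
    """Build one Sysmon-style XML event string (constructed sample data)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System>'
            f'<Provider Name="Microsoft-Windows-Sysmon"/><EventID>{eid}</EventID></System>'
            f'<EventData><Data Name="UtcTime">{utc}</Data>{data}</EventData></Event>')


# Constructed GUIDs: E = explorer, W = winword, P = powershell child, C = cmd child.
E, W, P, C = ("{00000000-0000-0000-0000-00000000000%d}" % i for i in (1, 2, 3, 4))

SAMPLE_EVENTS = [
    _event(1, "2024-03-01 09:00:00.000", ProcessGuid=W, ProcessId="4120",
           Image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
           CommandLine='"WINWORD.EXE" invoice.docm',
           ParentProcessGuid=E, ParentImage=r"C:\Windows\explorer.exe"),
    _event(1, "2024-03-01 09:00:05.000", ProcessGuid=P, ProcessId="4388",
           Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA",
           ParentProcessGuid=W, ParentImage=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    _event(3, "2024-03-01 09:00:12.000", ProcessGuid=P, ProcessId="4388",
           Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           Initiated="true", DestinationIp="203.0.113.10", DestinationPort="443"),
    # Benign: cmd.exe launched from explorer, then a connection. Parent is not Office.
    _event(1, "2024-03-01 09:01:00.000", ProcessGuid=C, ProcessId="5004",
           Image=r"C:\Windows\System32\cmd.exe", CommandLine="cmd.exe",
           ParentProcessGuid=E, ParentImage=r"C:\Windows\explorer.exe"),
    _event(3, "2024-03-01 09:01:03.000", ProcessGuid=C, ProcessId="5004",
           Image=r"C:\Windows\System32\cmd.exe",
           Initiated="true", DestinationIp="198.51.100.7", DestinationPort="80"),
    # Same PowerShell child connecting again, but ten minutes later (outside the window).
    _event(3, "2024-03-01 09:10:00.000", ProcessGuid=P, ProcessId="4388",
           Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           Initiated="true", DestinationIp="203.0.113.10", DestinationPort="8080"),
]


def parse_event(xml_text):
    """Return (event_id, {Data Name: text}) for one Sysmon XML event."""
    root = ET.fromstring(xml_text)
    eid = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return eid, data


def _utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def correlate(events, window_seconds=60):
    """Alert when an Office app's script-host child initiates a network
    connection within window_seconds of being created. Events are joined on
    ProcessGuid, which Sysmon keeps stable across its event types."""
    creates = {d["ProcessGuid"]: d for eid, d in events if eid == 1}
    alerts = []
    for eid, d in events:
        if eid != 3 or d.get("Initiated") != "true":
            continue
        proc = creates.get(d["ProcessGuid"])
        if proc is None:
            continue
        child = ntpath.basename(proc["Image"]).lower()
        parent = ntpath.basename(proc.get("ParentImage", "")).lower()
        if child not in SCRIPT_HOSTS or parent not in OFFICE_APPS:
            continue
        delta = (_utc(d["UtcTime"]) - _utc(proc["UtcTime"])).total_seconds()
        if not 0 <= delta <= window_seconds:
            continue
        alerts.append({
            "parent_image": parent,
            "child_image": child,
            "command_line": proc.get("CommandLine", ""),
            "dest": f'{d["DestinationIp"]}:{d["DestinationPort"]}',
            "seconds_after_spawn": delta,
        })
    return alerts


def run(window_seconds=60):
    return correlate([parse_event(x) for x in SAMPLE_EVENTS], window_seconds)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The window and the two process lists are the knobs a blue team tunes; the benign cmd.exe sequence and the late second connection are there so the rule can be seen staying quiet where it should, which is as much a part of validating a correlation rule as seeing it fire.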

Related projects:

Repository Description Stars
jpcertcc/sysmonsearch Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. 419
alphasoc/flightsim A utility to generate malicious network traffic patterns and evaluate security controls. 1,271
sea-erkin/log-snare A web application designed to simulate vulnerabilities and demonstrate the importance of proper validation and logging. 31
nshalabi/sysmontools Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. 1,492
securityriskadvisors/vectr A tool for simulating and tracking adversary threats to measure detection and prevention capabilities. 1,403
interana/eventsim Generates event data to simulate real-world user behavior for testing and development purposes. 508
andresionek91/fake-web-events Generates semi-random web events with configurable probabilities and constraints to mimic real-world scenarios. 80
dsnezhkov/racketeer A toolkit for simulating and testing ransomware operations in a controlled environment. 68
zombiecraig/icsim A tool that simulates an instrument cluster's behavior over a virtual CAN network. 813
azure/simuland A collaboration to create realistic test environments for simulating real-world attacks and improving detection strategies. 704
ion-storm/sysmon-config A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. 780
nextronsystems/ransomware-simulator A tool to simulate ransomware behavior for testing antivirus software. 415
n0dec/malwless A tool designed to simulate system compromise or attack behaviors without running processes or PoCs. 271
swiftonsecurity/sysmon-config A template configuration file for Microsoft Sysinternals' Sysmon to monitor system changes with high-quality event tracing. 4,828
mhaggis/sysmon-dfir A curated collection of resources and tools for learning and implementing Microsoft Sysmon for incident detection, threat hunting, and endpoint security monitoring. 901