AustralianCyberSecurityCentre/windows_event_logging external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

AustralianCyberSecurityCentre/windows_event_logging

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AustralianCyberSecurityCentre/windows_event_logging)

Close

AustralianCyberSecurityCentre / windows_event_loggingView on GitHubMore

• External links
• Readme badge

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

☆229Feb 5, 2025Updated last year

Alternatives and similar repositories for windows_event_logging

Users that are interested in windows_event_logging are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆885Nov 17, 2020Updated 5 years ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,325Sep 8, 2025Updated 8 months ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆941Dec 12, 2023Updated 2 years ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆3,045Aug 21, 2024Updated last year
• MarkBaggett / domain_stats2

  View on GitHub
  ☆14Feb 8, 2020Updated 6 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• ukncsc / lme

  View on GitHub
  Logging Made Easy
  ☆708Nov 1, 2023Updated 2 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 4 years ago
• HASecuritySolutions / LogCampaign

  View on GitHub
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆55Jul 1, 2022Updated 3 years ago
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 4 years ago
• SwiftOnSecurity / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆5,531Jul 3, 2024Updated last year
• Benster900 / ThreatWaffle

  View on GitHub
  Threat hunting repo for my independent study on threat hunting with OSQuery
  ☆27Jan 16, 2018Updated 8 years ago
• mkorman90 / sysmon-config-bypass-finder

  View on GitHub
  Detect possible sysmon logging bypasses given a specific configuration
  ☆111Dec 26, 2018Updated 7 years ago
• sans-blue-team / sec555-wiki

  View on GitHub
  ☆78Jun 25, 2019Updated 6 years ago
• mattifestation / BHUSA2018_Sysmon

  View on GitHub
  All materials from our Black Hat 2018 "Subverting Sysmon" talk
  ☆135Aug 10, 2018Updated 7 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• olafhartong / ThreatHunting

  View on GitHub
  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  ☆1,183Jul 26, 2023Updated 2 years ago
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆350Mar 19, 2021Updated 5 years ago
• UNIT777 / Email2TheHive

  View on GitHub
  This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.
  ☆12Jul 13, 2017Updated 8 years ago
• ajackal / ir_scripts

  View on GitHub
  incident response scripts
  ☆18Mar 4, 2019Updated 7 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,414Feb 10, 2026Updated 3 months ago
• nsacyber / Windows-Secure-Host-Baseline

  View on GitHub
  Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
  ☆1,591Dec 24, 2022Updated 3 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,962Jul 6, 2024Updated last year
• OTRF / Blacksmith

  View on GitHub
  Building environments to replicate small networks and deploy applications
  ☆334Jan 9, 2026Updated 4 months ago
• olafhartong / sysmon-modular-linux

  View on GitHub
  A repository of Sysmon For Linux configuration modules
  ☆16Oct 14, 2021Updated 4 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• russelltomkins / Project-Sauron

  View on GitHub
  Tools to create a Native Windows Audit Collection Platform. Active Directory example provided
  ☆77Nov 5, 2019Updated 6 years ago
• salesforce / bro-sysmon

  View on GitHub
  How to Zeek Sysmon Logs!
  ☆102Feb 12, 2022Updated 4 years ago
• Yamato-Security / EnableWindowsLogSettings

  View on GitHub
  Documentation and scripts to properly enable Windows event logs.
  ☆704Oct 3, 2025Updated 7 months ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• Velocidex / eql2vql

  View on GitHub
  Transform EQL detection rules to VQL artifacts
  ☆12Nov 12, 2021Updated 4 years ago
• Invoke-IR / ACE

  View on GitHub
  Automated, Collection, and Enrichment Platform
  ☆326Nov 14, 2019Updated 6 years ago
• olafhartong / detection-sources

  View on GitHub
  ☆53Mar 4, 2019Updated 7 years ago
• ion-storm / sysmon-config

  View on GitHub
  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …
  ☆826Nov 5, 2023Updated 2 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,292Apr 29, 2026Updated 3 weeks ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• miriamxyra / EventList

  View on GitHub
  EventList
  ☆379Mar 21, 2021Updated 5 years ago
• sisoc-tokyo / mimikatz_detection

  View on GitHub
  ☆12Mar 24, 2018Updated 8 years ago
• JSCU-NL / logging-essentials

  View on GitHub
  A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
  ☆293Aug 26, 2021Updated 4 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,645Apr 4, 2026Updated last month
• 0x0v1 / Audix

  View on GitHub
  Audix is a PowerShell tool to quickly configure the Windows Event Audit Policies for security monitoring
  ☆118Oct 14, 2025Updated 7 months ago
• jokezone / Update-Sysmon

  View on GitHub
  This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
  ☆83Mar 20, 2023Updated 3 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,559Jan 12, 2026Updated 4 months ago