LogRhythm-Labs / Microsoft-SysMon-configLinks
Sysmon configuration file template with default high-quality event tracing
☆20Updated 4 years ago
Alternatives and similar repositories for Microsoft-SysMon-config
Users that are interested in Microsoft-SysMon-config are comparing it to the libraries listed below
Sorting:
- Elastic Beat for fetching and shipping Office 365 audit events☆67Updated 4 years ago
- Powering Up Incident Response with Power-Response☆63Updated 5 years ago
- Office365 Log Analysis Framework☆81Updated 6 years ago
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.☆82Updated 2 years ago
- Parser for Windows PowerShell script block logs☆99Updated last year
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 8 months ago
- A Splunk app with saved reports derived from Sigma rules☆73Updated 7 years ago
- Cloud Templates and scripts to deploy mordor environments☆129Updated 4 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆31Updated 5 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆54Updated 3 years ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository.☆110Updated 5 years ago
- ☆50Updated 5 years ago
- Collection of resources related to the Center for Threat-Informed Defense☆76Updated last year
- A series of scripts☆100Updated 3 years ago
- Purple Team Security☆75Updated 3 years ago
- Audix is a PowerShell tool to quickly configure the Windows Event Audit Policies for security monitoring☆117Updated 5 years ago
- Splunk TA for alert action to TheHive-project☆11Updated 5 years ago
- The PoLRBear Project☆35Updated 4 years ago
- Powershell Threat Hunting Module☆285Updated 8 years ago
- Sysmon Splunk App☆47Updated 7 years ago
- CB API scripts for IR, administration, etc.☆32Updated 6 years ago
- Scripts for comparing Microsoft Windows compliance with the ASD 1709 & Office 2016 Hardening Guides☆160Updated 5 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆112Updated 5 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆159Updated 2 years ago
- Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technic…☆224Updated 6 months ago
- ☆77Updated 6 years ago
- Repository for SPEED SIEM Use Case Framework☆55Updated 5 years ago
- SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…☆94Updated 2 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆84Updated 4 years ago