LogRhythm-Labs / Microsoft-SysMon-configLinks
Sysmon configuration file template with default high-quality event tracing
☆20Updated 4 years ago
Alternatives and similar repositories for Microsoft-SysMon-config
Users that are interested in Microsoft-SysMon-config are comparing it to the libraries listed below
Sorting:
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.☆82Updated 2 years ago
- Elastic Beat for fetching and shipping Office 365 audit events☆68Updated 5 years ago
- Cloud Templates and scripts to deploy mordor environments☆129Updated 4 years ago
- Powering Up Incident Response with Power-Response☆63Updated 5 years ago
- Office365 Log Analysis Framework☆81Updated 6 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆30Updated 5 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- Audix is a PowerShell tool to quickly configure the Windows Event Audit Policies for security monitoring☆116Updated 5 years ago
- ☆50Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆204Updated 9 months ago
- A Splunk app with saved reports derived from Sigma rules☆73Updated 7 years ago
- Scripts for comparing Microsoft Windows compliance with the ASD 1709 & Office 2016 Hardening Guides☆159Updated 5 years ago
- Tools to automate and/or expedite response.☆115Updated last year
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆54Updated 3 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆112Updated 5 years ago
- The PoLRBear Project☆35Updated 4 years ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆42Updated 2 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆159Updated 2 years ago
- Splunk TA for alert action to TheHive-project☆11Updated 5 years ago
- ☆55Updated 4 years ago
- ☆77Updated 6 years ago
- Sysmon Splunk App☆47Updated 7 years ago
- Invoke-LiveResponse☆149Updated 3 years ago
- Purple Team Security☆75Updated 3 years ago
- Repository for SPEED SIEM Use Case Framework☆56Updated 5 years ago
- Collection of PowerShell functinos and scripts a Blue Teamer might use☆84Updated 2 years ago
- Parser for Windows PowerShell script block logs☆99Updated last year
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆37Updated 3 years ago
- A series of scripts☆100Updated 3 years ago
- Powershell Threat Hunting Module☆286Updated 9 years ago