agreenjay/sysmon external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

agreenjay/sysmon

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/agreenjay/sysmon)

Close

agreenjay / sysmonView on GitHubMore

• External links
• Readme badge

A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data

☆39Mar 23, 2020Updated 6 years ago

Alternatives and similar repositories for sysmon

Users that are interested in sysmon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• airbus-cert / PSTrace

  View on GitHub
  Trace ScriptBlock execution for powershell v2
  ☆40Jan 14, 2020Updated 6 years ago
• jonny-jhnson / Automated-Detection-Pipeline

  View on GitHub
  ☆16Dec 16, 2020Updated 5 years ago
• jonny-jhnson / Windows-API-To-Sysmon-Events

  View on GitHub
  A repository that maps API calls to Sysmon Event ID's.
  ☆122Nov 14, 2022Updated 3 years ago
• c-APT-ure / my-public-stuff

  View on GitHub
  repo for sharing stuff
  ☆17Jul 1, 2025Updated 10 months ago
• ReconInfoSec / sigma-to-elastalert

  View on GitHub
  Ansible playbook to convert Sigma rules to ElastAlert rules
  ☆10Feb 5, 2021Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• HASecuritySolutions / LogCampaign

  View on GitHub
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆55Jul 1, 2022Updated 3 years ago
• MotiBa / AppLocker

  View on GitHub
  AppLocker hardening policies
  ☆27Jul 26, 2018Updated 7 years ago
• bittib010 / AjourVolAutolity

  View on GitHub
  A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.
  ☆16Aug 19, 2025Updated 9 months ago
• SecurityJosh / MuteSysmon

  View on GitHub
  A PowerShell script to prevent Sysmon from writing its events
  ☆17Apr 23, 2020Updated 6 years ago
• 3CORESec / Automata

  View on GitHub
  Automatic detection engineering technical state compliance
  ☆55Jul 7, 2024Updated last year
• securethelogs / Bluechecker

  View on GitHub
  Audit Powershell and search from known keywords in history #Blueteam
  ☆25Apr 22, 2020Updated 6 years ago
• ajackal / ir_scripts

  View on GitHub
  incident response scripts
  ☆18Mar 4, 2019Updated 7 years ago
• dobin / antniumui

  View on GitHub
  The Web UI for Antnium
  ☆27Jun 14, 2022Updated 3 years ago
• mattifestation / WindowsEventLogMetadata

  View on GitHub
  Event metadata collected across all manifest-based ETW providers on Window 10 1903
  ☆32Nov 25, 2019Updated 6 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• sk4la / plast

  View on GitHub
  Modular command-line threat hunting tool & framework.
  ☆17Jul 20, 2020Updated 5 years ago
• X-C3LL / wfp-reader

  View on GitHub
  Proof of concept - Covert Channel using Windows Filtering Platform (C#)
  ☆21Aug 29, 2021Updated 4 years ago
• Syslifters / split-bloodhound

  View on GitHub
  ☆18Sep 14, 2023Updated 2 years ago
• Sphinkie / RegFineViewer

  View on GitHub
  RegFineViewer is an utility to visualize and navigate easily the Windows Registry
  ☆18Jan 20, 2021Updated 5 years ago
• hiro4848 / sphinx

  View on GitHub
  ☆16Apr 16, 2015Updated 11 years ago
• robwillisinfo / Invoke-Decoder

  View on GitHub
  Invoke-Decoder – A PowerShell script to decode/deobfuscate malware samples
  ☆18Aug 2, 2020Updated 5 years ago
• dmchell / Sniper

  View on GitHub
  A simple proof of concept for detecting use of Cobalt Strike's execute-assembly
  ☆59Apr 1, 2022Updated 4 years ago
• nccgroup / UninstalledAppCanary

  View on GitHub
  A Canary which fires when uninstalled
  ☆34Mar 16, 2021Updated 5 years ago
• tasox / Epimitheus

  View on GitHub
  Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.
  ☆19Mar 13, 2022Updated 4 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• LMGsec / NTLMme

  View on GitHub
  NTLM Hash Generator
  ☆10Apr 2, 2021Updated 5 years ago
• cyotek / RegistryComparer

  View on GitHub
  C# application for creating and comparing registry key snapshots
  ☆17Jul 5, 2022Updated 3 years ago
• cedowens / Mod_Rewrite_Automation

  View on GitHub
  Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers.
  ☆47Feb 17, 2021Updated 5 years ago
• CarlWebster / Microsoft-DNS

  View on GitHub
  Microsoft DNS Documentation Script
  ☆18Apr 10, 2026Updated last month
• secgroundzero / ossem_modular

  View on GitHub
  OSSEM Modular
  ☆27Jun 29, 2020Updated 5 years ago
• dsccommunity / xWindowsEventForwarding

  View on GitHub
  DSC Module to manage Windows Event Forwarding
  ☆22Sep 22, 2018Updated 7 years ago
• maurapintor / unica_mlsec_labs

  View on GitHub
  ☆11Dec 17, 2024Updated last year
• vforteli / Flexinets.Radius.RadiusClient

  View on GitHub
  Radius client for .Net (Net Standard)
  ☆12Nov 29, 2024Updated last year
• AhmedKamal1432 / Evilize

  View on GitHub
  Triaging Windows event logs based on SANS Poster
  ☆47Nov 22, 2025Updated 5 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• eoftedal / MalaRIA-Proxy

  View on GitHub
  Proof of concept code (which means poor code quality) for a proxy abusing unrestricted cross domain policies.
  ☆23Aug 28, 2013Updated 12 years ago
• jonny-jhnson / Detecting-Process-Injection-Techniques

  View on GitHub
  This is a repository that is meant to hold detections for various process injection techniques.
  ☆34Mar 3, 2020Updated 6 years ago
• target / Threat-Hunting

  View on GitHub
  Jupyter notebooks for threat hunting
  ☆61Apr 7, 2026Updated last month
• rsa9000 / regfanalysistools

  View on GitHub
  Low-level MS Windows registry files analysis tools
  ☆19May 5, 2016Updated 10 years ago
• dana-at-cp / metasploit-framework

  View on GitHub
  Metasploit Framework
  ☆10Apr 3, 2017Updated 9 years ago
• jokezone / Update-Sysmon

  View on GitHub
  This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
  ☆83Mar 20, 2023Updated 3 years ago
• TheHive-Project / awesome

  View on GitHub
  A curated list of awesome things related to TheHive & Cortex
  ☆184Oct 9, 2021Updated 4 years ago