Alternatives and similar repositories for WEFFLES

Users that are interested in WEFFLES are comparing it to the libraries listed below

• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,296Sep 8, 2025Updated 5 months ago
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 3 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆881Nov 17, 2020Updated 5 years ago
• neu5ron / WinLogsZero2Hero

  View on GitHub
  This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.
  ☆22Jan 30, 2018Updated 8 years ago
• PSSecTools / WindowsEventForwarding

  View on GitHub
  A module for working with Windows Event Collector service and maintain Windows Event Forwarding subscriptions.
  ☆34Dec 14, 2025Updated last month
• ion-storm / sysmon-config

  View on GitHub
  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …
  ☆818Nov 5, 2023Updated 2 years ago
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆349Mar 19, 2021Updated 4 years ago
• gpoguy / GetVulnerableGPO

  View on GitHub
  PowerShell script to find 'vulnerable' security-related GPOs that should be hardended
  ☆198Jun 1, 2018Updated 7 years ago
• zacbrown / PowerKrabsEtw

  View on GitHub
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Nov 17, 2020Updated 5 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,569Sep 21, 2025Updated 4 months ago
• kurtfalde / LAPS-Reporting

  View on GitHub
  Solution for Auditing LAPS usage in an Active Directory environment.
  ☆36Dec 11, 2015Updated 10 years ago
• Invoke-IR / Uproot

  View on GitHub
  Currently not updated for WMIEvent module...
  ☆262Feb 23, 2016Updated 9 years ago
• SwiftOnSecurity / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆5,379Jul 3, 2024Updated last year
• n0dec / MalwLess

  View on GitHub
  Test Blue Team detections without running any attack.
  ☆272May 2, 2024Updated last year
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,968Aug 21, 2024Updated last year
• mattifestation / CimSweep

  View on GitHub
  CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…
  ☆659Aug 19, 2019Updated 6 years ago
• microsoft / AaronLocker

  View on GitHub
  Robust and practical application control for Windows
  ☆683Aug 12, 2022Updated 3 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 3 years ago
• dmb2168 / OAuthHunting

  View on GitHub
  ☆53May 21, 2018Updated 7 years ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,428Nov 16, 2023Updated 2 years ago
• SwiftOnSecurity / SwiftFilter

  View on GitHub
  Exchange Transport rules to detect and enable response to phishing
  ☆419May 9, 2020Updated 5 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆308Aug 14, 2020Updated 5 years ago
• PaulSec / awesome-windows-domain-hardening

  View on GitHub
  A curated list of awesome Security Hardening techniques for Windows.
  ☆1,790Jan 7, 2020Updated 6 years ago
• MotiBa / Sysmon

  View on GitHub
  Sysmon configuration
  ☆65Jul 12, 2018Updated 7 years ago
• ukncsc / lme

  View on GitHub
  Logging Made Easy
  ☆710Nov 1, 2023Updated 2 years ago
• outflanknl / Invoke-ADLabDeployer

  View on GitHub
  Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  ☆492Feb 16, 2019Updated 6 years ago
• ThreatHuntingProject / ThreatHunting

  View on GitHub
  An informational repo about hunting for adversaries in your IT environment.
  ☆1,846Nov 17, 2021Updated 4 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,363Dec 15, 2025Updated last month
• williballenthin / process-forest

  View on GitHub
  Reconstruct process trees from event logs
  ☆147Aug 12, 2020Updated 5 years ago
• randomaccess3 / 4n6_stuff

  View on GitHub
  Git for me to put all my forensics stuff
  ☆23Sep 2, 2025Updated 5 months ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆289Sep 21, 2016Updated 9 years ago
• redhuntlabs / RedHunt-OS

  View on GitHub
  Virtual Machine for Adversary Emulation and Threat Hunting
  ☆1,313Jan 22, 2025Updated last year
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆346May 7, 2024Updated last year
• MHaggis / app_splunk_sysmon_hunter

  View on GitHub
  Splunk App to assist Sysmon Threat Hunting
  ☆38Mar 7, 2017Updated 8 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• mattifestation / PSSysmonTools

  View on GitHub
  Sysmon Tools for PowerShell
  ☆232Aug 17, 2018Updated 7 years ago
• PSGumshoe / PSGumshoe

  View on GitHub
  ☆265Oct 25, 2025Updated 3 months ago
• atc-project / atomic-threat-coverage

  View on GitHub
  Actionable analytics designed to combat threats
  ☆1,006May 25, 2022Updated 3 years ago