jokezone / Update-Sysmon
This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
☆82Updated last year
Related projects: ⓘ
- ☆40Updated last year
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆51Updated 2 years ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆86Updated 2 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆31Updated 4 years ago
- ☆28Updated last year
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆38Updated 2 years ago
- An Inofficial Sysmon Version History (Change Log)☆32Updated 3 years ago
- My conference presentations☆66Updated 10 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆71Updated 8 months ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆15Updated last year
- Extract BITS jobs from QMGR queue and store them as CSV records☆73Updated 2 months ago
- ☆76Updated 5 years ago
- Powering Up Incident Response with Power-Response☆62Updated 4 years ago
- ☆20Updated this week
- Community Tasks/Plans for PlumHound Queueing☆21Updated last year
- ☆68Updated last year
- Invoke-LiveResponse☆145Updated 2 years ago
- List of PowerShell commands and commandlets that should be in your Powershel watchlist☆37Updated 3 years ago
- Parses KAPE module files and downloads binaries referenced by BinaryURL☆17Updated 4 years ago
- Expert Investigation Guides☆50Updated 3 years ago
- Azure Sentinel Template parser☆15Updated 3 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆59Updated 9 months ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆40Updated 4 years ago
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆41Updated last year
- A Splunk app with saved reports derived from Sigma rules☆72Updated 6 years ago
- A PowerShell incident response script for quick triage☆75Updated 2 years ago
- Build a domain with three quick PowerShell scripts!☆28Updated 4 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆82Updated 3 years ago