This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
☆83 · Mar 20, 2023 · Updated 3 years ago
Alternatives and similar repositories for Update-Sysmon
Users that are interested in Update-Sysmon are comparing it to the libraries listed below
- incident response scripts (☆18 · Mar 4, 2019 · Updated 7 years ago)
- Pushes Sysmon Configs (☆90 · Jun 11, 2021 · Updated 4 years ago)
- An Inofficial Sysmon Version History (Change Log) (☆33 · Oct 25, 2020 · Updated 5 years ago)
- WEFTools (☆14 · Apr 30, 2020 · Updated 5 years ago)
- OSSEM Modular (☆27 · Jun 29, 2020 · Updated 5 years ago)
- Primary data pipelines for intrusion detection, security analytics and threat hunting (☆85 · Jan 9, 2022 · Updated 4 years ago)
- Bro/Zeek integration with osquery (☆93 · Nov 2, 2020 · Updated 5 years ago)
- Script to parse Process Monitor XML log file, and give you a summary report. (☆23 · May 4, 2016 · Updated 9 years ago)
- Public Repo for Atomic Test Harness (☆284 · Apr 8, 2025 · Updated 11 months ago)
- PowerShell module for creating and managing Sysinternals Sysmon config files. (☆215 · Mar 29, 2021 · Updated 4 years ago)
- TrustedSec Sysinternals Sysmon Community Guide (☆1,384 · Feb 10, 2026 · Updated last month)
- Monitors the network for new connected MAC addresses (☆17 · Dec 10, 2022 · Updated 3 years ago)
- Accompanying PowerShell Modules for DevSec Defense Presentation (☆30 · Apr 15, 2018 · Updated 7 years ago)
- Investigate suspicious activity by visualizing Sysmon's event log (☆430 · Dec 22, 2023 · Updated 2 years ago)
- Synapse Rapid Power-up for SinkDB (☆11 · Jun 24, 2025 · Updated 8 months ago)
- Simple Live Data Collection Tool (☆22 · Oct 4, 2020 · Updated 5 years ago)
- A curated list of awesome things related to TheHive & Cortex (☆185 · Oct 9, 2021 · Updated 4 years ago)
- Powershell / C# based cross platform forensic framework based for live incident response (☆23 · Jul 5, 2020 · Updated 5 years ago)
- This is a repository from Adam Swan's and my presentation on Windows Logs Zero 2 Hero. (☆22 · Jan 30, 2018 · Updated 8 years ago)
- Detect HTTP stalling attacks like slowloris with Bro (☆19 · Mar 1, 2018 · Updated 8 years ago)
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into … (☆822 · Nov 5, 2023 · Updated 2 years ago)
- Test Blue Team detections without running any attack. (☆272 · May 2, 2024 · Updated last year)
- An extendable tool to extract and aggregate IoCs from threat feeds (☆33 · Feb 6, 2024 · Updated 2 years ago)
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems (☆36 · Dec 9, 2019 · Updated 6 years ago)
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK (☆1,080 · Nov 28, 2024 · Updated last year)
- Information about most important hunts which can be performed by Threat hunters while searching for any adversary/threats inside the orga… (☆15 · May 18, 2019 · Updated 6 years ago)
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity (☆95 · Feb 2, 2022 · Updated 4 years ago)
- Open source HIDS tailored for Microsoft Windows and Active Directory (☆29 · Feb 13, 2026 · Updated last month)
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository. (☆111 · Feb 6, 2020 · Updated 6 years ago)
- Malware analysis and Reverse Engineering Workshops from Invoke RE (☆15 · Jun 30, 2024 · Updated last year)
- Documentation and scripts to properly enable Windows event logs. (☆673 · Oct 3, 2025 · Updated 5 months ago)
- Historical Observations of Actionable Reputation Data (☆13 · Jun 26, 2018 · Updated 7 years ago)
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. (☆13 · Sep 9, 2020 · Updated 5 years ago)
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data (☆39 · Mar 23, 2020 · Updated 5 years ago)
- Linux and Windows Hardening Points (☆12 · Mar 6, 2018 · Updated 8 years ago)