Consolidation of various resources related to Microsoft Sysmon & sample data/log
☆122Sep 20, 2021Updated 4 years ago
Alternatives and similar repositories for SysmonResources
Users that are interested in SysmonResources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows Events Attack Samples☆2,526Jan 24, 2023Updated 3 years ago
- Zerofox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆46Mar 2, 2020Updated 6 years ago
- DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform☆47Jul 8, 2019Updated 6 years ago
- Yara Rule Analyzer and Statistics☆395Feb 19, 2023Updated 3 years ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …☆823Nov 5, 2023Updated 2 years ago
- Simple Bash IOC Scanner☆775Feb 12, 2022Updated 4 years ago
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.☆2,077May 28, 2025Updated 9 months ago
- Personal website, darkstar7471.com☆11Dec 16, 2021Updated 4 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆938Dec 12, 2023Updated 2 years ago
- Sysmon configuration file template with default high-quality event tracing☆5,438Jul 3, 2024Updated last year
- FRAC and RIFT☆17Mar 16, 2019Updated 7 years ago
- yarGen is a generator for YARA rules☆1,781Jan 10, 2026Updated 2 months ago
- Loki - Simple IOC and YARA Scanner☆3,733Jan 12, 2026Updated 2 months ago
- This repository contains tools used by 401trg.☆20Apr 14, 2021Updated 4 years ago
- A curated list of awesome YARA rules, tools, and people.☆4,163Mar 16, 2026Updated last week
- scripts to configure the Splunk Universal Forwarder in a locked down state☆40Dec 13, 2018Updated 7 years ago
- Random Code Store☆17Mar 27, 2023Updated 2 years ago
- Powershell script to extract information from boot PXE☆157Apr 26, 2019Updated 6 years ago
- ☆11Oct 28, 2016Updated 9 years ago
- Deploy and maintain Symon through the Splunk Deployment Sever☆32Jul 30, 2020Updated 5 years ago
- Splunk Boss of the SOC version 2 dataset.☆416Nov 1, 2022Updated 3 years ago
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 9 months ago
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆143Updated this week
- Investigate suspicious activity by visualizing Sysmon's event log☆430Dec 22, 2023Updated 2 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆55Jul 1, 2022Updated 3 years ago
- Training and support materials for MSTICPy☆18Jun 27, 2023Updated 2 years ago
- Utilities for Sysmon☆1,577Sep 21, 2025Updated 6 months ago
- Hunting queries and detections☆891Oct 30, 2025Updated 4 months ago
- ☆10Mar 30, 2016Updated 9 years ago
- Cortex: a Powerful Observable Analysis and Active Response Engine☆1,563Nov 26, 2025Updated 3 months ago
- SolarWindsIOCScanner☆11Jan 19, 2021Updated 5 years ago
- KQL Queries☆34Feb 17, 2026Updated last month
- TrustedSec Sysinternals Sysmon Community Guide☆1,384Feb 10, 2026Updated last month
- A collection of PowerShell Modules for BloodHound/Empire Orchestration☆110Sep 26, 2017Updated 8 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆39Mar 23, 2020Updated 6 years ago
- Really can protect from ransomware encryption?☆15Nov 25, 2021Updated 4 years ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- Digital Forensics and Incident Response notes and Autopsy tool walkthrough☆11Feb 3, 2022Updated 4 years ago
- osquery extensions by Trail of Bits☆269Apr 12, 2023Updated 2 years ago