SysmonResources: consolidation of various resources related to Microsoft Sysmon, plus sample data and logs.
☆122, Sep 20, 2021, updated 4 years ago
Alternatives and similar repositories for SysmonResources
Users interested in SysmonResources are comparing it to the repositories listed below.
- Windows Events Attack Samples (☆2,515, Jan 24, 2023, updated 3 years ago)
- Zerofox Alert Feeder for TheHive, an open source and free security incident response platform (☆46, Mar 2, 2020, updated 6 years ago)
- DigitalShadows Alert Feeder for TheHive, an open source and free security incident response platform (☆47, Jul 8, 2019, updated 6 years ago)
- Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into … (☆821, Nov 5, 2023, updated 2 years ago)
- YARA rule analyzer and statistics (☆394, Feb 19, 2023, updated 3 years ago)
- This repository contains tools used by 401trg (☆20, Apr 14, 2021, updated 4 years ago)
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon (☆937, Dec 12, 2023, updated 2 years ago)
- Simple Bash IOC scanner (☆771, Feb 12, 2022, updated 4 years ago)
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs (☆2,073, May 28, 2025, updated 9 months ago)
- Sysmon configuration file template with default high-quality event tracing (☆5,401, Jul 3, 2024, updated last year)
- (no description) (☆11, Oct 28, 2016, updated 9 years ago)
- Collection of dashboards for threat hunting and more (☆74, Oct 17, 2020, updated 5 years ago)
- yarGen is a generator for YARA rules (☆1,776, Jan 10, 2026, updated last month)
- FRAC and RIFT (☆17, Mar 16, 2019, updated 6 years ago)
- Queries to parse Sysmon event log files with Microsoft Log Parser (☆58, Mar 31, 2015, updated 10 years ago)
- Loki, a simple IOC and YARA scanner (☆3,726, Jan 12, 2026, updated last month)
- Deploy and maintain Sysmon through the Splunk Deployment Server (☆32, Jul 30, 2020, updated 5 years ago)
- Scripts to configure the Splunk Universal Forwarder in a locked-down state (☆40, Dec 13, 2018, updated 7 years ago)
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook (☆12, May 30, 2024, updated last year)
- MFT Fast Transcoder is a fast forensic tool to analyze the MFT of NTFS partitions (☆12, Feb 27, 2023, updated 3 years ago)
- Investigate suspicious activity by visualizing Sysmon's event log (☆431, Dec 22, 2023, updated 2 years ago)
- A curated list of awesome YARA rules, tools, and people (☆4,146, updated this week)
- This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode (☆27, Jun 25, 2024, updated last year)
- A Splunk app with saved reports derived from Sigma rules (☆73, Apr 24, 2018, updated 7 years ago)
- Forensics triage tool relying on Volatility and Foremost (☆25, Dec 3, 2023, updated 2 years ago)
- Feature-rich C99 library for memory scanning purposes, designed for machines running Windows, meant to work on both 32-bit and 64-bit por… (☆31, Feb 7, 2026, updated 3 weeks ago)
- Some of the commands the author uses frequently during malware analysis and DFIR (☆24, Jan 8, 2024, updated 2 years ago)
- Dump PDB symbols, including support for the Bochs debugging format (with Wine support) (☆14, Aug 11, 2023, updated 2 years ago)
- Quick lookup files for the SUNBURST backdoor (☆12, Dec 15, 2020, updated 5 years ago)
- A collection of threat intelligence data such as IOCs, YARA and Snort/Suricata rules, etc. (☆10, Sep 17, 2019, updated 6 years ago)
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident response (☆21, Sep 30, 2022, updated 3 years ago)
- Digital forensics and incident response notes and an Autopsy tool walkthrough (☆11, Feb 3, 2022, updated 4 years ago)
- CIFv3 Ubuntu 16.04 Docker container (Bearded Avenger) (☆12, Apr 18, 2018, updated 7 years ago)
- Tools and binaries to use with KAPE (☆13, Aug 13, 2019, updated 6 years ago)
- evtx2json extracts events of interest from event logs, dedups them, and exports them to JSON (☆41, May 3, 2021, updated 4 years ago)
- Spider or repeater to find all links (☆10, Feb 7, 2021, updated 5 years ago)
- SolarWindsIOCScanner (☆11, Jan 19, 2021, updated 5 years ago)
- Useful Windows tools for blue, red and purple teams (☆11, Feb 22, 2026, updated last week)
- Ready-to-use headers for Windows kernel SSDT indices (☆11, Apr 12, 2020, updated 5 years ago)
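Several entries above (the Log Parser queries, evtx2json, and the sample Sysmon logs the page collects) revolve around one task: pulling the interesting fields out of Sysmon's event XML, collapsing repeats, and emitting something a SIEM or notebook can ingest. The block below is an added example of that pipeline in plain Python; it is not code from SysmonResources, evtx2json, or any other repository listed here. It assumes events arrive as the Windows Event Log XML that `Get-WinEvent` returns via `.ToXml()` (the same shape an EVTX export yields), and the sample events, the per-event-ID dedup field sets (`DEDUP_KEYS`) and the `VOLATILE` field list are constructed for illustration.

```python
"""Parse Sysmon events from Windows Event Log XML, keep IDs of interest,
deduplicate repeats, and export JSON lines. Added example with constructed data."""
import json
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Fields that make two events "the same" for a given Sysmon event ID (assumption for
# this example). Per-instance fields such as ProcessId/ProcessGuid/UtcTime are left out
# on purpose: they differ on every occurrence and would defeat the dedup.
DEDUP_KEYS = {
    1: ("Image", "CommandLine", "ParentImage", "User"),             # process creation
    3: ("Image", "DestinationIp", "DestinationPort", "Protocol"),   # network connection
    11: ("Image", "TargetFilename"),                                # file created
}
# Fallback for IDs not in DEDUP_KEYS: every EventData field except these volatile ones.
VOLATILE = {"UtcTime", "ProcessId", "ProcessGuid", "ParentProcessId", "ParentProcessGuid"}


def _sample(event_id, fields):
    """Build a constructed Sysmon event in Windows Event Log XML form (test data only)."""
    data = "".join(f'<Data Name="{k}">{escape(v)}</Data>' for k, v in fields.items())
    system_time = fields["UtcTime"].replace(" ", "T") + "Z"
    return (
        f'<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{system_time}"/><Computer>ws01.example.local</Computer>'
        f'<Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>'
        f'<EventData>{data}</EventData></Event>'
    )


PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD_IMAGE = r"C:\Windows\System32\cmd.exe"

# Constructed sample: two identical process creations (different PID/time), one network
# connection from the parent, and one process-termination event we do not care about.
SAMPLE_EVENTS = [
    _sample(1, {"UtcTime": "2021-09-20 10:00:00.000", "ProcessId": "4120", "Image": CMD_IMAGE,
                "CommandLine": "cmd.exe /c whoami", "ParentImage": PS_IMAGE, "User": r"EXAMPLE\alice"}),
    _sample(1, {"UtcTime": "2021-09-20 10:00:01.250", "ProcessId": "4188", "Image": CMD_IMAGE,
                "CommandLine": "cmd.exe /c whoami", "ParentImage": PS_IMAGE, "User": r"EXAMPLE\alice"}),
    _sample(3, {"UtcTime": "2021-09-20 10:00:02.000", "ProcessId": "3960", "Image": PS_IMAGE,
                "Protocol": "tcp", "DestinationIp": "203.0.113.10", "DestinationPort": "443",
                "User": r"EXAMPLE\alice"}),
    _sample(5, {"UtcTime": "2021-09-20 10:00:03.000", "ProcessId": "4120", "Image": CMD_IMAGE}),
]


def parse_event(xml_text):
    """Flatten one event: System header fields plus every <Data Name=...> in EventData."""
    root = ET.fromstring(xml_text)
    system = root.find(EVT_NS + "System")
    ev = {
        "EventID": int(system.findtext(EVT_NS + "EventID")),
        "Computer": system.findtext(EVT_NS + "Computer"),
        "TimeCreated": system.find(EVT_NS + "TimeCreated").get("SystemTime"),
    }
    for data in root.iter(EVT_NS + "Data"):
        name = data.get("Name")
        if name:
            ev[name] = data.text or ""
    return ev


def dedup_events(xml_events, event_ids=frozenset(DEDUP_KEYS)):
    """Keep only event_ids; merge repeats into one record with Count/FirstSeen/LastSeen."""
    seen = {}
    for xml_text in xml_events:
        ev = parse_event(xml_text)
        eid = ev["EventID"]
        if eid not in event_ids:
            continue
        fields = DEDUP_KEYS.get(eid)
        if fields is None:  # unknown ID: dedup on all non-volatile EventData fields
            fields = tuple(sorted(k for k in ev if k not in VOLATILE
                                  and k not in ("EventID", "Computer", "TimeCreated")))
        key = (eid, ev["Computer"]) + tuple(ev.get(f, "") for f in fields)
        if key in seen:
            seen[key]["Count"] += 1
            seen[key]["LastSeen"] = ev["TimeCreated"]
        else:
            ev.update(Count=1, FirstSeen=ev["TimeCreated"], LastSeen=ev["TimeCreated"])
            seen[key] = ev
    return list(seen.values())


def to_json_lines(events):
    """One JSON object per line, ready for a SIEM ingest or jq."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_json_lines(dedup_events(SAMPLE_EVENTS)))
```

The dedup key deliberately keeps `Computer` and the user, so the same command run on two hosts or by two accounts stays as two records; what it collapses is the noise of one process being spawned repeatedly with identical arguments, which is what makes a raw Sysmon export hard to read during triage.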