jymcheong / SysmonResourcesLinks
Consolidation of various resources related to Microsoft Sysmon & sample data/log
☆115Updated 4 years ago
Alternatives and similar repositories for SysmonResources
Users that are interested in SysmonResources are comparing it to the libraries listed below
Sorting:
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆298Updated last week
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆210Updated 5 years ago
- Misc Threat Hunting Resources☆374Updated 2 years ago
- Build a attack range in your local machine☆131Updated 2 years ago
- ATT&CK Remote Threat Hunting Incident Response☆204Updated 9 months ago
- Zeek Log Cheatsheets☆298Updated last month
- Splunk code (SPL) for serious threat hunters and detection engineers.☆287Updated last year
- This is a repository for freq.py and freq_server.py☆210Updated 5 years ago
- Tools for simulating threats☆193Updated last year
- A list of my personal projects☆177Updated 3 years ago
- Atomic Purple Team Framework and Lifecycle☆298Updated 4 years ago
- Scripts to facilitate filtering with Plaso☆127Updated 5 years ago
- Public Repo for Atomic Test Harness☆278Updated 5 months ago
- an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques☆189Updated 3 years ago
- Splunk Boss of the SOC version 2 dataset.☆400Updated 2 years ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆162Updated 10 months ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆155Updated 6 months ago
- Indexes for SANS Courses and GIAC Certifications☆262Updated last year
- OSSEM Detection Model☆179Updated 2 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆331Updated 4 months ago
- Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/i…☆241Updated 9 months ago
- Dashboard for conducting Backdoors and Breaches sessions over Zoom.☆115Updated 11 months ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps☆302Updated 3 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆572Updated 3 years ago
- These are open source rules that can be utilized with QRadar to detect various types of threats in the environment.☆55Updated 6 years ago
- A python script developed to process Windows memory images based on triage type.☆265Updated last year
- Dump of organized knowledge on DFIR☆135Updated 4 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆233Updated 6 months ago
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.☆485Updated 10 months ago
- Repository of attack and defensive information for Business Email Compromise investigations☆262Updated 4 months ago