jymcheong/SysmonResources external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

jymcheong/SysmonResources

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/jymcheong/SysmonResources)

Close

jymcheong / SysmonResourcesView on GitHubMore

• External links
• Readme badge

Consolidation of various resources related to Microsoft Sysmon & sample data/log

☆123Sep 20, 2021Updated 4 years ago

Alternatives and similar repositories for SysmonResources

Users that are interested in SysmonResources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,560Jan 24, 2023Updated 3 years ago
• TheHive-Project / Zerofox2TH

  View on GitHub
  Zerofox Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
  ☆46Mar 2, 2020Updated 6 years ago
• TheHive-Project / DigitalShadows2TH

  View on GitHub
  DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
  ☆46Jul 8, 2019Updated 6 years ago
• Neo23x0 / yarAnalyzer

  View on GitHub
  Yara Rule Analyzer and Statistics
  ☆395Feb 19, 2023Updated 3 years ago
• ion-storm / sysmon-config

  View on GitHub
  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …
  ☆826Nov 5, 2023Updated 2 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• Neo23x0 / Fenrir

  View on GitHub
  Simple Bash IOC Scanner
  ☆778Feb 12, 2022Updated 4 years ago
• center-for-threat-informed-defense / adversary_emulation_library

  View on GitHub
  An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
  ☆2,106May 28, 2025Updated 11 months ago
• DarkStar7471 / darkstar7471.github.io

  View on GitHub
  Personal website, darkstar7471.com
  ☆11Dec 16, 2021Updated 4 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆941Dec 12, 2023Updated 2 years ago
• SwiftOnSecurity / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆5,531Jul 3, 2024Updated last year
• chaoticmachinery / frac_rift

  View on GitHub
  FRAC and RIFT
  ☆17Mar 16, 2019Updated 7 years ago
• Neo23x0 / yarGen

  View on GitHub
  yarGen is a generator for YARA rules
  ☆1,788Jan 10, 2026Updated 4 months ago
• Neo23x0 / Loki

  View on GitHub
  Loki - Simple IOC and YARA Scanner
  ☆3,756Jan 12, 2026Updated 4 months ago
• 401trg / utilities

  View on GitHub
  This repository contains tools used by 401trg.
  ☆20Apr 14, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• InQuest / awesome-yara

  View on GitHub
  A curated list of awesome YARA rules, tools, and people.
  ☆4,200Mar 16, 2026Updated 2 months ago
• MattUebel / splunk_UF_hardening

  View on GitHub
  scripts to configure the Splunk Universal Forwarder in a locked down state
  ☆40Dec 13, 2018Updated 7 years ago
• abhisek / RandomCode

  View on GitHub
  Random Code Store
  ☆17Mar 27, 2023Updated 3 years ago
• P3t3rp4rk3r / Malware-Analysis

  View on GitHub
  ☆11Oct 28, 2016Updated 9 years ago
• wavestone-cdt / powerpxe

  View on GitHub
  Powershell script to extract information from boot PXE
  ☆159Apr 26, 2019Updated 7 years ago
• olafhartong / TA-Sysmon-deploy

  View on GitHub
  Deploy and maintain Symon through the Splunk Deployment Sever
  ☆32Jul 30, 2020Updated 5 years ago
• splunk / botsv2

  View on GitHub
  Splunk Boss of the SOC version 2 dataset.
  ☆426Nov 1, 2022Updated 3 years ago
• olafhartong / WDACme

  View on GitHub
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆30Jun 18, 2025Updated 11 months ago
• zeek / packages

  View on GitHub
  The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
  ☆143Updated this week
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• horshark / akb-explorer

  View on GitHub
  A command line tool to search AttackerKB.
  ☆54Jan 16, 2021Updated 5 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• HASecuritySolutions / LogCampaign

  View on GitHub
  Provides detection capabilities and log conversion to evtx or syslog capabilities
  ☆55Jul 1, 2022Updated 3 years ago
• microsoft / msticpy-training

  View on GitHub
  Training and support materials for MSTICPy
  ☆18Jun 27, 2023Updated 2 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,645Apr 4, 2026Updated last month
• boundary / wireshark

  View on GitHub
  wireshark + boundary IPFIX decode patches
  ☆335Jun 8, 2018Updated 7 years ago
• FalconForceTeam / FalconFriday

  View on GitHub
  Hunting queries and detections
  ☆911May 7, 2026Updated 2 weeks ago
• TheHive-Project / Cortex

  View on GitHub
  Cortex: a Powerful Observable Analysis and Active Response Engine
  ☆1,582Updated this week
• JoeAWagner / SolarWindsIOCScanner

  View on GitHub
  SolarWindsIOCScanner
  ☆11Jan 19, 2021Updated 5 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• jkerai1 / KQL-Queries

  View on GitHub
  KQL Queries
  ☆40May 13, 2026Updated last week
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,414Feb 10, 2026Updated 3 months ago
• SadProcessor / EmpireDog

  View on GitHub
  A collection of PowerShell Modules for BloodHound/Empire Orchestration
  ☆110Sep 26, 2017Updated 8 years ago
• agreenjay / sysmon

  View on GitHub
  A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
  ☆39Mar 23, 2020Updated 6 years ago
• JamesHabben / sysmon-queries

  View on GitHub
  Queries to parse sysmon event log file with microsoft logparser
  ☆58Mar 31, 2015Updated 11 years ago
• NoelV11 / DFIR-Training

  View on GitHub
  Digital Forensics and Incident Response notes and Autopsy tool walkthrough
  ☆11Feb 3, 2022Updated 4 years ago
• DamonMohammadbagher / ETWNetMonv3

  View on GitHub
  ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima…
  ☆39Jun 6, 2023Updated 2 years ago