microsoft/MSTIC-Sysmon

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/MSTIC-Sysmon)

microsoft / MSTIC-Sysmon

Anything Sysmon related from the MSTIC R&D team

☆156

Alternatives and similar repositories for MSTIC-Sysmon

Users that are interested in MSTIC-Sysmon are comparing it to the libraries listed below

Sorting:

zeflow / Sigma2SplunkAlert
View on GitHub
Converts Sigma detection rules to a Splunk alert configuration.
☆12Jul 1, 2021Updated 4 years ago
defensivedepth / osquery-filters
View on GitHub
☆34Aug 8, 2023Updated 2 years ago
3CORESec / Automata
View on GitHub
Automatic detection engineering technical state compliance
☆55Jul 7, 2024Updated last year
microsoft / SysmonForLinux
View on GitHub
Sysmon for Linux
☆2,079Mar 5, 2026Updated 2 weeks ago
olafhartong / sysmon-modular-linux
View on GitHub
A repository of Sysmon For Linux configuration modules
☆16Oct 14, 2021Updated 4 years ago
3CORESec / SIEGMA
View on GitHub
SIEGMA - Transform Sigma rules into SIEM consumables
☆159Mar 10, 2025Updated last year
Neo23x0 / auditd
View on GitHub
Best Practice Auditd Configuration
☆1,777Nov 27, 2025Updated 3 months ago
cyberdefenders / DetectionLabELK
View on GitHub
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
☆573Dec 12, 2021Updated 4 years ago
Cyb3r-Monk / RITA-J
View on GitHub
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
☆209Jul 21, 2022Updated 3 years ago
deep-security / sysmon-config
View on GitHub
☆13Jan 20, 2020Updated 6 years ago
vadim-hunter / Detection-Ideas-Rules
View on GitHub
Detection Ideas & Rules repository.
☆178Sep 10, 2021Updated 4 years ago
ScarredMonk / SysmonSimulator
View on GitHub
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
☆864Jan 20, 2022Updated 4 years ago
JPCERTCC / SysmonSearch
View on GitHub
Investigate suspicious activity by visualizing Sysmon's event log
☆430Dec 22, 2023Updated 2 years ago
Kirtar22 / ThreatHunting_with_Osquery
View on GitHub
Threat Hunting & Incident Investigation with Osquery
☆216Mar 30, 2022Updated 3 years ago
trustedsec / SysmonCommunityGuide
View on GitHub
TrustedSec Sysinternals Sysmon Community Guide
☆1,383Feb 10, 2026Updated last month
brokensound77 / toruk
View on GitHub
Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
☆13Jul 16, 2019Updated 6 years ago
nasbench / MindMaps
View on GitHub
#ThreatHunting #DFIR #Malware #Detection Mind Maps
☆304Nov 13, 2021Updated 4 years ago
nasbench / Eventlog_Compendium
View on GitHub
The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
☆53Apr 22, 2025Updated 10 months ago
ion-storm / sysmon-edr
View on GitHub
Sysmon EDR POC Build within Powershell to prove ability.
☆223May 1, 2021Updated 4 years ago
olafhartong / sysmon-modular
View on GitHub
A repository of sysmon configuration modules
☆2,994Aug 21, 2024Updated last year
stuhli / awesome-event-ids
View on GitHub
Collection of Event ID ressources useful for Digital Forensics and Incident Response
☆644Jun 19, 2024Updated last year
Yamato-Security / EnableWindowsLogSettings
View on GitHub
Documentation and scripts to properly enable Windows event logs.
☆673Oct 3, 2025Updated 5 months ago
mgreen27 / DetectRaptor
View on GitHub
A repository to share publicly available Velociraptor detection content
☆196Mar 8, 2026Updated last week
jpalanco / klara-docker-compose
View on GitHub
Klara docker compose
☆11May 19, 2020Updated 5 years ago
clr2of8 / TellTail
View on GitHub
A tool to display Windows Event logs as they happen.
☆14Sep 19, 2023Updated 2 years ago
CrowdStrike / SuperMem
View on GitHub
A python script developed to process Windows memory images based on triage type.
☆266Nov 25, 2023Updated 2 years ago
sandflysecurity / sandfly-processdecloak
View on GitHub
Sandfly Linux Stealth Rootkit Decloaking Utility
☆108Jan 19, 2023Updated 3 years ago
nasbench / EVTX-ETW-Resources
View on GitHub
Event Tracing For Windows (ETW) Resources
☆420Oct 30, 2025Updated 4 months ago
CybercentreCanada / assemblyline-core
View on GitHub
Core server components for Assemblyline 4 (Alerter, dispatcher, expiry, ingester, scaler, updater, ...)
☆21Mar 13, 2026Updated last week
MHaggis / sysmon-dfir
View on GitHub
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
☆938Dec 12, 2023Updated 2 years ago
sumeshi / evtx2es
View on GitHub
A library for fast parse & import of Windows Eventlogs into Elasticsearch.
☆86Jun 23, 2025Updated 8 months ago
sbousseaden / Slides
View on GitHub
Misc Threat Hunting Resources
☆377Jan 26, 2023Updated 3 years ago
CIRCL / factual-rules-generator
View on GitHub
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
☆75Jan 18, 2022Updated 4 years ago
FalconForceTeam / FalconHound
View on GitHub
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
☆818Mar 6, 2026Updated 2 weeks ago
brimorlabs / KStrike
View on GitHub
Stand-alone parser for User Access Logging from Server 2012 and newer systems
☆79Jan 9, 2024Updated 2 years ago
sandmaxprime / VagrantMalwareWin10VM
View on GitHub
Vagrant Files to create a Virtualbox VM for Malware Analysis
☆13Jun 1, 2021Updated 4 years ago
THEVER1TAS / sysmon-config
View on GitHub
Sysmon configuration file templates with advanced event tracing and blocking
☆41Feb 25, 2026Updated 3 weeks ago
NextronSystems / sysmon-config
View on GitHub
Sysmon configuration file template with default high-quality event tracing
☆577Jan 21, 2026Updated last month
NextronSystems / evtx-baseline
View on GitHub
A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
☆87Mar 11, 2026Updated last week