microsoft/MSTIC-Sysmon external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

microsoft/MSTIC-Sysmon

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/MSTIC-Sysmon)

Close

microsoft / MSTIC-SysmonView on GitHubMore

• External links
• Readme badge

Anything Sysmon related from the MSTIC R&D team

☆157Jun 8, 2024Updated last year

Alternatives and similar repositories for MSTIC-Sysmon

Users that are interested in MSTIC-Sysmon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• zeflow / Sigma2SplunkAlert

  View on GitHub
  Converts Sigma detection rules to a Splunk alert configuration.
  ☆12Jul 1, 2021Updated 4 years ago
• defensivedepth / osquery-filters

  View on GitHub
  ☆34Aug 8, 2023Updated 2 years ago
• 3CORESec / Automata

  View on GitHub
  Automatic detection engineering technical state compliance
  ☆55Jul 7, 2024Updated last year
• microsoft / SysmonForLinux

  View on GitHub
  Sysmon for Linux
  ☆2,096Updated this week
• olafhartong / sysmon-modular-linux

  View on GitHub
  A repository of Sysmon For Linux configuration modules
  ☆16Oct 14, 2021Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• 3CORESec / SIEGMA

  View on GitHub
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆159Mar 10, 2025Updated last year
• Neo23x0 / auditd

  View on GitHub
  Best Practice Auditd Configuration
  ☆1,814Apr 21, 2026Updated last week
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆209Jul 21, 2022Updated 3 years ago
• deep-security / sysmon-config

  View on GitHub
  ☆13Jan 20, 2020Updated 6 years ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆869Jan 20, 2022Updated 4 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆217Mar 30, 2022Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,397Feb 10, 2026Updated 2 months ago
• brokensound77 / toruk

  View on GitHub
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Jul 16, 2019Updated 6 years ago
• nasbench / MindMaps

  View on GitHub
  #ThreatHunting #DFIR #Malware #Detection Mind Maps
  ☆306Nov 13, 2021Updated 4 years ago
• nasbench / Eventlog_Compendium

  View on GitHub
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆54Apr 22, 2025Updated last year
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆225May 1, 2021Updated 4 years ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆3,029Aug 21, 2024Updated last year
• stuhli / awesome-event-ids

  View on GitHub
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆647Jun 19, 2024Updated last year
• Yamato-Security / EnableWindowsLogSettings

  View on GitHub
  Documentation and scripts to properly enable Windows event logs.
  ☆694Oct 3, 2025Updated 6 months ago
• jpalanco / klara-docker-compose

  View on GitHub
  Klara docker compose
  ☆11May 19, 2020Updated 5 years ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• mgreen27 / DetectRaptor

  View on GitHub
  A repository to share publicly available Velociraptor detection content
  ☆203Apr 19, 2026Updated last week
• clr2of8 / TellTail

  View on GitHub
  A tool to display Windows Event logs as they happen.
  ☆14Sep 19, 2023Updated 2 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• sandflysecurity / sandfly-processdecloak

  View on GitHub
  Sandfly Linux Stealth Rootkit Decloaking Utility
  ☆108Jan 19, 2023Updated 3 years ago
• nasbench / EVTX-ETW-Resources

  View on GitHub
  Event Tracing For Windows (ETW) Resources
  ☆425Oct 30, 2025Updated 6 months ago
• CybercentreCanada / assemblyline-core

  View on GitHub
  Core server components for Assemblyline 4 (Alerter, dispatcher, expiry, ingester, scaler, updater, ...)
  ☆21Updated this week
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆940Dec 12, 2023Updated 2 years ago
• sbousseaden / Slides

  View on GitHub
  Misc Threat Hunting Resources
  ☆378Jan 26, 2023Updated 3 years ago
• sumeshi / evtx2es

  View on GitHub
  A fast library for parsing and importing Windows Event Logs into Elasticsearch.
  ☆87Apr 14, 2026Updated 2 weeks ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• CIRCL / factual-rules-generator

  View on GitHub
  Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
  ☆75Jan 18, 2022Updated 4 years ago
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆820Apr 18, 2026Updated last week
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆80Jan 9, 2024Updated 2 years ago
• sandmaxprime / VagrantMalwareWin10VM

  View on GitHub
  Vagrant Files to create a Virtualbox VM for Malware Analysis
  ☆13Jun 1, 2021Updated 4 years ago
• NextronSystems / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆588Jan 21, 2026Updated 3 months ago
• mass-project / mass_server

  View on GitHub
  Malware Analysis and Storage System - Server repository
  ☆12Jul 15, 2022Updated 3 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,743Mar 20, 2024Updated 2 years ago