Sysmon configuration file template with default high-quality event tracing
Utilities for Sysmon
Sysmon for Linux
A repository of sysmon configuration modules
TrustedSec Sysinternals Sysmon Community Guide
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Sysmon event simulation utility that simulates attacks to generate Sysmon event logs, so blue teams can test EDR detections and correlation rules.
Investigate suspicious activity by visualizing Sysmon's event log
An easy ATT&CK-based Sysmon hunting tool, shown at Black Hat USA 2019 Arsenal
Ayatana application indicator to show various system parameters - Debian and Ubuntu
Evade sysmon and windows event logging
All sysmon event types and their fields explained
The Linux port of the Sysinternals Sysmon tool.
Threat Hunting tool about Sysmon and graphs
Graphical system monitor for Linux, including information about CPU, GPU, memory, HDD/SSD and your network connections. Similar to the Windows Task Manager.
An intuitive remotely-accessible system performance monitoring and task management tool for servers and headless Raspberry Pi setups.
PowerShell module for creating and managing Sysinternals Sysmon config files.
All materials from our Black Hat 2018 "Subverting Sysmon" talk
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
The world's most powerful System Activity Monitor Engine · A powerful endpoint behavior collection and defense development kit, intended to help endpoint security software (EDR, zero trust, data security, audit and control) implement product features quickly without worrying about low-level driver development, maintenance and compatibility, so that it can focus on business logic.