sysmon

Main Sigma Rule Repository

翻译 - SIEM系统的通用签名格式

Sysmon configuration file template with default high-quality event tracing

Block spying and tracking on Windows

翻译 - 🛡在Windows上阻止间谍和跟踪

Automate the creation of a lab environment complete with security tooling and logging best practices

翻译 - Vagrant＆Packer脚本可构建带有安全工具和记录最佳实践的完整实验室环境

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

翻译 - 威胁猎人的剧本，有助于发展狩猎活动的技术和假设。

A repository of sysmon configuration modules

Utilities for Sysmon

Open Source EDR for Windows

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

翻译 - 用于EVTX的基于SIGMA的独立检测工具。

Documentation and scripts to properly enable Windows event logs.

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

Investigate suspicious activity by visualizing Sysmon's event log

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

Test Blue Team detections without running any attack.

Endpoint detection & Malware analysis software

Neutering Sysmon via driver unload

翻译 - 通过卸载驱动程序中和Sysmon

Sysmon EDR POC Build within Powershell to prove ability.

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.