sysmon

Generic Signature Format for SIEM Systems

Automate the creation of a lab environment complete with security tooling and logging best practices

Sysmon configuration file template with default high-quality event tracing

Block spying and tracking on Windows

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

A repository of sysmon configuration modules

Utilities for Sysmon

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Open Source EDR for Windows

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Investigate suspicious activity by visualizing Sysmon's event log

Test Blue Team detections without running any attack.

Endpoint detection & Malware analysis software

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

Neutering Sysmon via driver unload

Sysmon EDR POC Build within Powershell to prove ability.

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.