ThreatHunting VS sysmon-config

Compare ThreatHunting vs sysmon-config and see what are their differences.

ThreatHunting

Tools for hunting for threats. (by GossiTheDog)

sysmon-config

Sysmon configuration file template with default high-quality event tracing (by SwiftOnSecurity)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
ThreatHunting sysmon-config
1 35
564 4,768
- -
4.2 0.0
about 1 year ago 3 months ago
YARA
GNU General Public License v3.0 only -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

ThreatHunting

Posts with mentions or reviews of ThreatHunting. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-26.

sysmon-config

Posts with mentions or reviews of sysmon-config. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-30.
  • Software Hardening Tools for System Defense
    1 project | dev.to | 30 Apr 2024
    cd c:\sysmon git clone https://github.com/SwiftOnSecurity/sysmon-config sysmon -accepteula -i sysmon-config/sysmon-config.xml
  • Troubleshooting Intermittent Slowness on Network Share
    1 project | /r/msp | 7 Jul 2023
    https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of windows troubleshooting tips here too, and this is pretty good symon script saves to event viewer even after a reboot! , also care with wireshark as it may give you a false sense of there's a fault, try tcpIPview from sysinternals and yeah procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config use psping to ping the server directly and see the latency goes up and down, you can ping it more often every 1 second so you get a better more detailed resul.
  • Sysmon not reading our config.xml-file
    1 project | /r/sysadmin | 21 Jun 2023
    Rebooted and downloaded sysmon 14.16 and sysmonconfig-export.xml
  • Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
    1 project | /r/msp | 31 May 2023
    There's all sorts of things you can do for various types of monitoring including Zabbix, Graylog, roll-your-own with Sysmon (see https://github.com/SwiftOnSecurity/sysmon-config), etc. The question becomes one of time - don't get so focused on DIY or free that you spend hours (or pay someone to spend hours) a month babysitting.
  • How do you actually threat hunt?
    3 projects | /r/cybersecurity | 30 May 2023
    If you don't catch it what changes can you do to your logging to enable it? Can you push it out to the environment? While sysmon is awesome, you can do your hunts with built in logging most of the time... Just might not have all the data around it you want to have. I would throw sysmon on a test box (make sure you have a config file that filters out the noise: https://github.com/SwiftOnSecurity/sysmon-config)
  • How do I exclude specific event IDs in Sysmon?
    1 project | /r/sysadmin | 15 Apr 2023
    I played around with https://github.com/SwiftOnSecurity/sysmon-config Maybe there xml can point you in the right direction
  • Finding the Process initiating a ping
    1 project | /r/netsecstudents | 5 Apr 2023
    and here's an off the shelf config file: https://github.com/SwiftOnSecurity/sysmon-config
  • How to filter SysMon Logs for suspicious events
    1 project | /r/sysadmin | 28 Mar 2023
  • SysMon Deployment Help
    1 project | /r/sysadmin | 26 Feb 2023
  • MISP integration issues
    1 project | /r/Wazuh | 25 Jan 2023
    - Make sure you have sysmon installed on the agent host and it is logging event to the Sysmon folder as ID 22. Can use this xml file

What are some alternatives?

When comparing ThreatHunting and sysmon-config you can also consider the following projects:

signature-base - YARA signature and IOC database for my scanners and tools

sysmon-modular - A repository of sysmon configuration modules

MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform

sigma - Main Sigma Rule Repository

PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

ansible-role-elasticsearch - Ansible Role - Elasticsearch

SysmonTools - Utilities for Sysmon

vscode-sysmon - Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.

SysmonForLinux

SysmonConfigPusher - Pushes Sysmon Configs

Event-Forwarding-Guidance - Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

google-cloud-ops-agents-ansible - Ansible Role for Google Cloud Ops

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured