lme
sysmon-cheatsheet
| | lme | sysmon-cheatsheet |
|---|---|---|
| Mentions | 11 | 1 |
| Stars | 684 | 512 |
| Growth | - | - |
| Activity | 3.4 | 0.0 |
| Last commit | about 1 year ago | over 2 years ago |
| Language | Shell | - |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lme
- SysMon
  This may help https://github.com/ukncsc/lme/blob/master/docs/chapter2.md
- Syslog Analytics for cyberSecurity
- 500+ windows server logging
  But if you're still committed: there are too many variables to calculate it with any amount of certainty but you can measure it. Start off by setting up event forwarding on a small batch of test servers with only security audit logs included in the default configuration. Let it run for a few days and measure the usage and extrapolate from there. How to do most of it, you're going to find from MS documentation, but NCSC has a nice summary of it here: https://github.com/ukncsc/lme
- Active Directory monitoring
- What are the Implications of an automation tool, using PsExec to execute commands (of any kind) on client machines, from a domain controller?
  Much appreciated. I'm a sole IT guy in a small shop so always keen to hear what others have found. I'm looking at: https://github.com/ukncsc/lme and Security Onion...
- Sysmon for SME <50 employees?
- All sysmon event types and their fields explained
- Free EDR solutions
  https://github.com/ukncsc/lme is this
- I want to buy a SIEM, but I don't know which one
  Use something based off of a free version of Elasticsearch, like Logging Made Easy: https://github.com/ukncsc/lme or SIEMMonster or Security Onion.
- Requesting /r/lme - zero posts in 9 years and one inactive mod.
  Would also be repurposing sub to be a resource for Logging Made Easy, a community SIEM project by UKNCSC: https://github.com/ukncsc/lme
sysmon-cheatsheet
What are some alternatives?
TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
eiq-er-ce - Community Edition of the EclecticIQ Endpoint Security Platform; an open source and extensible platform to manage and monitor endpoints, based on the osquery agent
CortexDocs - Documentation of Cortex
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
plgx-esp - Community Edition of the PolyLogyx Endpoint Security Platform; an open source and extensible platform to manage and monitor endpoints, based on the osquery agent
checkmk - Checkmk - Best-in-class infrastructure & application monitoring