sysmon-modular VS atomic-red-team

Compare sysmon-modular vs atomic-red-team and see what are their differences.


A repository of sysmon configuration modules (by olafhartong)


Small and highly portable detection tests based on MITRE's ATT&CK. (by redcanaryco)
                  sysmon-modular    atomic-red-team
Mentions          11                20
Stars             2,034             6,825
Growth            -                 1.8%
Activity          8.9               9.7
Latest commit     9 days ago        5 days ago
Language          PowerShell        PowerShell
License           MIT License       MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of sysmon-modular. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-09.


Posts with mentions or reviews of atomic-red-team. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-10-06.

What are some alternatives?

When comparing sysmon-modular and atomic-red-team you can also consider the following projects:

detection-rules - Rules for Elastic Security's detection engine

BLUESPAWN - An Active Defense and EDR software to empower Blue Teams

sigma - Generic Signature Format for SIEM Systems

sysmon-config - Sysmon configuration file template with default high-quality event tracing

Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.

security_content - Splunk Security Content

Certified-Kubernetes-Security-Specialist - Curated resources to help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.

Windows-Toolkit - PS one-liner cmdlets for Windows security

APTSimulator - A toolset to make a system look as if it was the victim of an APT attack

Power-Response - Powering Up Incident Response with Power-Response