Sysmon DNS Queries Issues

This page summarizes the projects mentioned and recommended in the original post on /r/blueteamsec
Sysmon Threatintel threat-hunting sysinternals Windows

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    • Does anyone here use Sysmon, and have you used this SwiftOnSecurity config before? I am attempting to use it for the first time to track down processes triggering suspicious DNS queries, but it is not generating any Event 22s in Event Viewer, though it should be.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts