Integrating Sysmon events with Crowdsec

This page summarizes the projects mentioned and recommended in the original post on /r/CrowdSec

Our great sponsors
  • Onboard AI - Learn any GitHub repo in 59 seconds
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • SaaSHub - Software Alternatives and Reviews
  • hub

    Main repository for crowdsec scenarios/parsers (by crowdsecurity)

    Your use case sounds cool. Unfortunately CrowdSec is not very mature on Windows (yet). That being said we have just written a parser for sysmon. It's very much WIP and needs testing. Also there's not any scenarios yet so CrowdSec can't detect anything there yet. That being said we would love to collaborate with you on creating them if you're willing to invest time in it too. A good place to do that would be via our Discord (invite link under the subreddit description) where I will be happy to set up a dedicated channel where you can have direct access to our devs.

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Thank you for those wonderful news, i will be glad to collaborate and test it for the community, in fact i am already in Crowdsec Discord channel ,but it will take little bit more time for me to be familiar with Crowdsec integration (around 2 weeks) ,have some tasks in queue ,any way ,if its help we are using this set of rules sysmon rules , to prioritize our detection , in addition we using also Soar Suffle to automate some hash checking for certain folders and files against MISP and Malwarebazar workflows

  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts