Main repository for crowdsec scenarios/parsers (by crowdsecurity)
Your use case sounds cool. Unfortunately, CrowdSec is not very mature on Windows (yet). That being said, we have just written a parser for sysmon. It's very much WIP and needs testing. Also, there aren't any scenarios yet, so CrowdSec can't detect anything there yet. That being said, we would love to collaborate with you on creating them if you're willing to invest time in it too. A good place to do that would be via our Discord (invite link under the subreddit description), where I will be happy to set up a dedicated channel where you can have direct access to our devs.
Sysmon configuration file template with default high-quality event tracing
Thank you for this wonderful news. I will be glad to collaborate and test it for the community; in fact, I am already in the CrowdSec Discord channel, but it will take a little bit more time for me to become familiar with CrowdSec integration (around 2 weeks), as I have some tasks in the queue. Anyway, if it helps, we are using this set of rules (sysmon rules) to prioritize our detection. In addition, we are also using the SOAR Shuffle to automate some hash checking for certain folders and files against MISP and MalwareBazaar workflows.