There are also some excellent sample configuration files out there, and, in my opinion, the best of them is from Swift on Security: https://github.com/SwiftOnSecurity/sysmon-config
Another really excellent resource (also called out by Swift) is Olaf Hartong's Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular. As well as shipping a few full configs, Olaf's project has modular XML configurations for each supported Sysmon Event ID, which can be incredibly helpful for fine-tuning your configs.
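To show what a modular layout needs in practice, here is an added Python example (not sysmon-modular's own merge tooling) that combines per-Event-ID XML fragments into one Sysmon config; the module contents and the "4.90" schema version are constructed assumptions, so match the schema version to your installed Sysmon.

```python
import xml.etree.ElementTree as ET

# Constructed sample modules in a directory-per-event-ID layout (not copied from
# sysmon-modular): each file is a complete Sysmon fragment with one RuleGroup.
MODULES = {
    "1_process_creation/include_lolbins.xml": """
<Sysmon schemaversion="4.90"><EventFiltering>
  <RuleGroup name="" groupRelation="or">
    <ProcessCreate onmatch="include">
      <Image condition="image">certutil.exe</Image>
      <Image condition="image">mshta.exe</Image>
    </ProcessCreate>
  </RuleGroup>
</EventFiltering></Sysmon>""",
    "1_process_creation/include_script_hosts.xml": """
<Sysmon schemaversion="4.90"><EventFiltering>
  <RuleGroup name="" groupRelation="or">
    <ProcessCreate onmatch="include">
      <Image condition="image">wscript.exe</Image>
    </ProcessCreate>
  </RuleGroup>
</EventFiltering></Sysmon>""",
    "3_network_connection/exclude_browsers.xml": """
<Sysmon schemaversion="4.90"><EventFiltering>
  <RuleGroup name="" groupRelation="or">
    <NetworkConnect onmatch="exclude">
      <Image condition="image">chrome.exe</Image>
    </NetworkConnect>
  </RuleGroup>
</EventFiltering></Sysmon>""",
}


def merge_modules(modules, schemaversion="4.90"):
    """Return one <Sysmon> tree with a single filter per (event type, onmatch).

    Sysmon accepts only one include and one exclude filter per event type, so rules
    from modules that target the same pair are concatenated into that one filter;
    groupRelation stays "or" so any single matching rule fires the event.
    """
    root = ET.Element("Sysmon", schemaversion=schemaversion)
    filtering = ET.SubElement(root, "EventFiltering")
    merged = {}  # (event type, onmatch) -> filter element in the merged tree
    for name in sorted(modules):  # deterministic order by directory and file name
        for group in ET.fromstring(modules[name]).iter("RuleGroup"):
            for filt in group:
                key = (filt.tag, filt.get("onmatch", "include"))
                if key not in merged:
                    rg = ET.SubElement(filtering, "RuleGroup", name="", groupRelation="or")
                    merged[key] = ET.SubElement(rg, filt.tag, onmatch=key[1])
                merged[key].extend(list(filt))  # move the module's rules across
    return root


def rule_counts(root):
    """Map 'EventType/onmatch' -> number of rules, useful for checking a merge."""
    return {f"{f.tag}/{f.get('onmatch')}": len(f)
            for rg in root.find("EventFiltering") for f in rg}
```

Write the merged tree out with `ET.tostring(merge_modules(MODULES))` and load it with `sysmon -c` to confirm the installed Sysmon accepts the schema version you chose.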
Did you know that Sysmon is so fantastic that Microsoft ported it to Linux? They sure did, and it is awesome. It can be found here: https://github.com/Sysinternals/SysmonForLinux