Security Cadence: Sysmon (Logging Part 2 out of ?????)

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/sysadmin

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    There are also some excellent sample configuration files out there, and, in my opinion, the best of them is from Swift on Security: https://github.com/SwiftOnSecurity/sysmon-config

  • sysmon-modular

    A repository of sysmon configuration modules

    Another really excellent resource (also called out by Swift) is Olaf Hartong’s Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular. As well as having a few full configs, Olaf’s project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine-tuning your configs.

  • SysmonForLinux

    Did you know that Sysmon is so fantastic that Microsoft ported it to Linux? They sure did and it is awesome. It can be found here: https://github.com/Sysinternals/SysmonForLinux

  • SysmonTools

    Utilities for Sysmon

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
