Security Cadence: Sysmon (Logging Part 2 out of ?????)

This page summarizes the projects mentioned and recommended in the original post on /r/sysadmin
Sysmon threat-hunting Threatintel sysinternals Windows

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    • There are also some excellent sample configuration files out there, and -in my opinion- the best of them is from Swift on Security: https://github.com/SwiftOnSecurity/sysmon-config

  • sysmon-modular

    A repository of sysmon configuration modules

    • Another really excellent resource (also called out by Swift) is Olaf Hartong’s Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular As well as having a few full configs, Olaf’s project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine tuning your configs.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • SysmonForLinux

    • Did you know that Sysmon is so fantastic that Microsoft ported it to Linux? They sure did and it is awesome. It can be found here: https://github.com/Sysinternals/SysmonForLinux

  • SysmonTools

    Utilities for Sysmon

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts