Direct GitHub link bc ads. Like I commented last time I saw this project, I think it's a good starting point, but an important note: These mappings are 1:1. You should not limit your correlations to 1:1, but rather one ATT&CK term to many event IDs. Each technique can often be mapped to many, many different event IDs. And analysis / alerting on these events needs to be context aware, looking at other events before and after. When we approached this problem (mapping ATT&CK to detection logic) we realized there was almost never a scenario where event IDs could map 1:1 with the ATT&CK Matrix.
Breaking down MITRE ATT&CK for ICS techniques into MON Requirements?
2 projects | reddit.com/r/cybersecurity | 14 May 2022
splunk sysmon events
2 projects | reddit.com/r/Splunk | 2 Apr 2022
Best monitoring software that works like event logs?
2 projects | reddit.com/r/sysadmin | 21 Feb 2022
Hosts making DNS queries to malicious site. How to dig deeper and find source?
2 projects | reddit.com/r/AskNetsec | 9 Feb 2022
This Visual Studio Code extension is for heping in the writting of Sysmon XML configuration files - now supports Sysmon for Linux schema
3 projects | reddit.com/r/blueteamsec | 17 Oct 2021