Top 15 Sysmon Open-Source Projects

• sigma

  41 7,563 9.9 Python

  Main Sigma Rule Repository

  

Project mention: Sigma rules in real life | /r/cybersecurity | 2023-10-14

Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

• sysmon-config

  34 4,538 0.0

  Sysmon configuration file template with default high-quality event tracing

Project mention: Troubleshooting Intermittent Slowness on Network Share | /r/msp | 2023-07-07

https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of windows troubleshooting tips here too, and this is pretty good symon script saves to event viewer even after a reboot! , also care with wireshark as it may give you a false sense of there's a fault, try tcpIPview from sysinternals and yeah procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config use psping to ping the server directly and see the latency goes up and down, you can ping it more often every 1 second so you get a better more detailed resul.

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• DetectionLab

  31 4,476 4.4 HTML

  Automate the creation of a lab environment complete with security tooling and logging best practices

• WindowsSpyBlocker

  42 4,437 0.0 Go

  Block spying and tracking on Windows

Project mention: Request Tips on Privacy while using Windows 11 | /r/PrivacyGuides | 2023-05-22

• ThreatHunter-Playbook

  4 3,859 0.0 Python

  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  

• sysmon-modular

  15 2,478 6.8 PowerShell

  A repository of sysmon configuration modules

Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

• SysmonTools

  2 1,442 3.5

  Utilities for Sysmon

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• whids

  3 1,025 0.0 Go

  Open Source EDR for Windows

  

• sysmon-config

  1 747 7.2 PowerShell

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

• Zircolite

  4 593 7.5 Python

  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

• EnableWindowsLogSettings

  1 441 4.1 Batchfile

  Documentation and scripts to properly enable Windows event logs.

  

Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04

• iMonitorSDK

  1 320 4.5 C++

  系统监控开发套件（sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱）

• Shhmon

  1 216 0.0 C#

  Neutering Sysmon via driver unload

• SysmonConfigPusher

  2 91 0.0 C#

  Pushes Sysmon Configs

  

Project mention: SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time | /r/blueteamsec | 2023-06-11

• sysmon

  2 55 1.8

  Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Sysmon related posts

• Troubleshooting Intermittent Slowness on Network Share
  1 project | /r/msp | 7 Jul 2023
• Sysmon 15.0 is out now with advanced features
  2 projects | /r/sysadmin | 29 Jun 2023
• Sysmon not reading our config.xml-file
  1 project | /r/sysadmin | 21 Jun 2023
• SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time
  1 project | /r/blueteamsec | 11 Jun 2023
• Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
  1 project | /r/msp | 31 May 2023
• How do you actually threat hunt?
  3 projects | /r/cybersecurity | 30 May 2023
• How do I exclude specific event IDs in Sysmon?
  1 project | /r/sysadmin | 15 Apr 2023
• A note from our sponsor - WorkOS
  workos.com | 19 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com