Sysmon

Open-source projects categorized as Sysmon
Edit details
Language: + Python + Go + PowerShell + C# + HTML + Batchfile + C++
Topics: threat-hunting Windows Dfir Monitoring Logging
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

Top 15 Sysmon Open-Source Projects

  • sigma

    Main Sigma Rule Repository

    • Project mention: Sigma rules in real life | /r/cybersecurity | 2023-10-14

    Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    • Project mention: Software Hardening Tools for System Defense | dev.to | 2024-04-30

    cd c:\sysmon git clone https://github.com/SwiftOnSecurity/sysmon-config sysmon -accepteula -i sysmon-config/sysmon-config.xml

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • DetectionLab

    Automate the creation of a lab environment complete with security tooling and logging best practices

  • WindowsSpyBlocker

    Block spying and tracking on Windows

    • Project mention: Scripts to build a trimmed-down Windows 11 image | news.ycombinator.com | 2024-04-25

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  • sysmon-modular

    A repository of sysmon configuration modules

    • Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • SysmonTools

    Utilities for Sysmon

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • whids

    Open Source EDR for Windows

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • Zircolite

    A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

  • EnableWindowsLogSettings

    Documentation and scripts to properly enable Windows event logs.

    • Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04

  • iMonitorSDK

    系统监控开发套件(sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱)

  • Shhmon

    Neutering Sysmon via driver unload

  • SysmonConfigPusher

    Pushes Sysmon Configs

    • Project mention: SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time | /r/blueteamsec | 2023-06-11

  • sysmon

    Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Sysmon related posts

  • Software Hardening Tools for System Defense

    1 project | dev.to | 30 Apr 2024

  • Troubleshooting Intermittent Slowness on Network Share

    1 project | /r/msp | 7 Jul 2023

  • Sysmon 15.0 is out now with advanced features

    2 projects | /r/sysadmin | 29 Jun 2023

  • Sysmon not reading our config.xml-file

    1 project | /r/sysadmin | 21 Jun 2023

  • SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time

    1 project | /r/blueteamsec | 11 Jun 2023

  • Cheap, Fast, Good and Simple Remote Monitoring for Small Environments

    1 project | /r/msp | 31 May 2023

  • How do you actually threat hunt?

    3 projects | /r/cybersecurity | 30 May 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 7 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source Sysmon projects? This list will help you:

Project Stars
1 sigma 7,649
2 sysmon-config 4,580
3 DetectionLab 4,476
4 WindowsSpyBlocker 4,460
5 ThreatHunter-Playbook 3,873
6 sysmon-modular 2,495
7 SysmonTools 1,449
8 whids 1,025
9 sysmon-config 751
10 Zircolite 598
11 EnableWindowsLogSettings 444
12 iMonitorSDK 321
13 Shhmon 216
14 SysmonConfigPusher 91
15 sysmon 55

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com