Top 11 Sysmon Open-Source Projects
Project mention: Sigma Rules: How YAML Textual Signatures Boost SOC Efficiency | dev.to | 2022-08-16
Basic Sigma taxonomy and schema know-how are essential to be able to write Sigma Rules. Since it is in YAML, learning how to write rules should not be that much of a challenge. For those who are new to Sigma, the official Sigma GitHub page should be a good starting point.
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
Project mention: Tool that automatically generates a realistic office scenario of vms? | reddit.com/r/cybersecurity | 2022-08-16
I found a great starting point at the repo of DetectionLab: https://github.com/clong/DetectionLab
Project mention: Installing Sysmon Using PowerShell Invoke-Command | reddit.com/r/PowerShell | 2022-06-25
Also, might also want to check out https://github.com/SwiftOnSecurity/sysmon-config for some examples and options.
Project mention: What privacy enhancement script/app for Windows 10 is recommended nowadays? | reddit.com/r/PrivacyGuides | 2022-07-20
Also, the New Oil recommends WindowsSpyBlocker so that may be another option for you.
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Project mention: Security Cadence: Sysmon (Logging Part 2 out of ?????) | reddit.com/r/sysadmin | 2022-05-16
Another really excellent resource (also called out by Swift) is Olaf Hartong's Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular. As well as having a few full configs, Olaf's project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine-tuning your configs.
Project mention: GitHub - wecooperate/iMonitorSDK: System monitoring development kit (sysmon, promon, edr, terminal security, host security, zero trust, Internet behavior management) | reddit.com/r/blueteamsec | 2022-01-15
Alright, I'm in the process of setting up Wazuh for my organization. It's been working well with the default alerts it comes with. I wanted to try ingesting and alerting on Sysmon logs, so I added Sysmon to a test endpoint (an IT workstation), added the necessary lines to ossec.conf, and added the ruleset mentioned here to the Wazuh manager (local_rules.xml). Seems to be working; I see Sysmon logs in Wazuh and am now being overwhelmed by this level 12 alert...
Sysmon related posts
- Installing Sysmon Using PowerShell Invoke-Command
- Integrating Sysmon events with Crowdsec
- Security Cadence: Sysmon (Logging Part 2 out of ?????)
- Help Me Understand This Level 12 Sysmon Rule
- splunk sysmon events
- Sysmon DNS Queries Issues
- What's your approach to gathering data for DFIR analysis, and how much data do you typically gather?
Index
What are some of the best open-source Sysmon projects? This list will help you:
# | Project | Stars
---|---|---
1 | sigma | 5,398 |
2 | DetectionLab | 3,798 |
3 | sysmon-config | 3,688 |
4 | WindowsSpyBlocker | 3,391 |
5 | ThreatHunter-Playbook | 3,183 |
6 | sysmon-modular | 1,887 |
7 | SysmonTools | 1,281 |
8 | Shhmon | 193 |
9 | iMonitorSDK | 162 |
10 | SysmonConfigPusher | 55 |
11 | sysmon | 37 |