Open-source projects categorized as Sysmon

Top 11 Sysmon Open-Source Projects

  • sigma

    Generic Signature Format for SIEM Systems

    Project mention: Sigma Rules: How YAML Textual Signatures Boost SOC Efficiency | | 2022-08-16

    Basic Sigma taxonomy and schema know-how are essential to be able to write Sigma Rules. Since it is in YAML, learning how to write rules should not be that much of a challenge. For those who are new to Sigma, the official Sigma GitHub page should be a good starting point.

  • DetectionLab

    Automate the creation of a lab environment complete with security tooling and logging best practices

    Project mention: Tool that automatically generates a realistic office scenario of vms? | | 2022-08-16

    I found a great starting point at the repo of DetectionLab:

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Project mention: Installing Sysmon Using PowerShell Invoke-Command | | 2022-06-25

    Also, you might want to check out for some examples and options.

  • WindowsSpyBlocker

    Block spying and tracking on Windows

    Project mention: What privacy enhancement script/app for Windows 10 is recommended nowadays? | | 2022-07-20

    Also, the New Oil recommends WindowsSpyBlocker so that may be another option for you.

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

    Project mention: Cybersecurity Repositories | | 2022-05-31
  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Security Cadence: Sysmon (Logging Part 2 out of ?????) | | 2022-05-16

    Another really excellent resource (also called out by Swift) is Olaf Hartong’s Sysmon-Modular project: As well as having a few full configs, Olaf’s project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine tuning your configs.

  • SysmonTools

    Utilities for Sysmon

    Project mention: Security Cadence: Sysmon (Logging Part 2 out of ?????) | | 2022-05-16

  • Shhmon

    Neutering Sysmon via driver unload

  • iMonitorSDK

    Project mention: GitHub - wecooperate/iMonitorSDK: System monitoring development kit (sysmon, promon, edr, terminal security, host security, zero trust, Internet behavior management) | | 2022-01-15

  • SysmonConfigPusher

    Pushes Sysmon Configs

  • sysmon

    Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)

    Project mention: Help Me Understand This Level 12 Sysmon Rule | | 2022-05-03

    Alright, I'm in the process of setting up wazuh for my organization. It's been working well with the default alerts it comes with. I wanted to try ingesting and alerting on sysmon logs so I added sysmon to a test endpoint (an IT workstation), added the necessary lines to ossec.conf, and added the ruleset mentioned here to the wazuh manager (local_rules.xml). Seems to be working, I see sysmon logs in wazuh and am now being overwhelmed by this level 12 alert...

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-08-16.

What are some of the best open-source Sysmon projects? This list will help you:

 #  Project                Stars
 1  sigma                  5,398
 2  DetectionLab           3,798
 3  sysmon-config          3,688
 4  WindowsSpyBlocker      3,391
 5  ThreatHunter-Playbook  3,183
 6  sysmon-modular         1,887
 7  SysmonTools            1,281
 8  Shhmon                   193
 9  iMonitorSDK              162
10  SysmonConfigPusher        55
11  sysmon                    37