Top 15 Sysmon Open-Source Projects
Project mention: Looking for feedback on a security-related project idea | /r/AskNetsec | 2023-07-05
Idea: A free and open-source web repository of Sigma detections where users can find, contribute, and suggest edits to detections. All user contributions will go through a StackExchange-style moderation queue. Built-in conversion from Sigma to the query language of your choice.
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.
https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview has plenty of Windows troubleshooting tips too, and this is a pretty good Sysmon script that saves to Event Viewer even after a reboot! Also, take care with Wireshark, as it may give you a false sense that there's a fault; try TCPView from Sysinternals, and yeah, Procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config Use psping to ping the server directly and see whether the latency goes up and down; you can ping it more often, every 1 second, so you get a better, more detailed result.
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)
You can compare it with Zircolite, which uses Sigma on Auditd, Sysmon for Linux or any JSON-formatted logs. It also works on EVTX, but that's not the subject.
Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04
Project mention: SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time | /r/blueteamsec | 2023-06-11
Sysmon related posts
- Troubleshooting Intermittent Slowness on Network Share
- Sysmon 15.0 is out now with advanced features
- Sysmon not reading our config.xml-file
- SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time
- Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
- How do you actually threat hunt?
- How do I exclude specific event IDs in Sysmon?
Index
What are some of the best open-source Sysmon projects? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | sigma | 6,721 |
| 2 | DetectionLab | 4,298 |
| 3 | sysmon-config | 4,263 |
| 4 | WindowsSpyBlocker | 4,216 |
| 5 | ThreatHunter-Playbook | 3,629 |
| 6 | sysmon-modular | 2,308 |
| 7 | SysmonTools | 1,383 |
| 8 | whids | 998 |
| 9 | sysmon-config | 706 |
| 10 | Zircolite | 515 |
| 11 | EnableWindowsLogSettings | 340 |
| 12 | iMonitorSDK | 284 |
| 13 | Shhmon | 210 |
| 14 | SysmonConfigPusher | 89 |
| 15 | sysmon | 49 |