Sysmon

Open-source projects categorized as Sysmon
Edit details
Language: + Python + Go + PowerShell + C# + HTML + Batchfile + C++
Topics: #threat-hunting #Windows #Dfir #Logging #Monitoring
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com
Sponsored

Top 15 Sysmon Open-Source Projects

  • sigma

    Main Sigma Rule Repository

    Project mention: Looking for feedback on a security-related project idea | /r/AskNetsec | 2023-07-05

    Idea: A free and open-source web repository of Sigma detections where users can find, contribute, and suggest edits to detections. All user contributions will go through a StackExchange-style moderation queue. Built-in conversion from Sigma to the query language of your choice.

  • DetectionLab

    Automate the creation of a lab environment complete with security tooling and logging best practices

    Project mention: Cyber Lab Design | /r/Cybersecurity101 | 2023-03-13

    I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Project mention: Troubleshooting Intermittent Slowness on Network Share | /r/msp | 2023-07-07

    https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of windows troubleshooting tips here too, and this is pretty good symon script saves to event viewer even after a reboot! , also care with wireshark as it may give you a false sense of there's a fault, try tcpIPview from sysinternals and yeah procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config use psping to ping the server directly and see the latency goes up and down, you can ping it more often every 1 second so you get a better more detailed resul.

  • WindowsSpyBlocker

    Block spying and tracking on Windows

    Project mention: Request Tips on Privacy while using Windows 11 | /r/PrivacyGuides | 2023-05-22

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

    Project mention: Threat hunting Playbooks | /r/cybersecurity | 2023-01-23

  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • SysmonTools

    Utilities for Sysmon

  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • whids

    Open Source EDR for Windows

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • Zircolite

    A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

    Project mention: Chainsaw for Linux | /r/blueteamsec | 2023-03-05

    You can compare with Zircolite which uses Sigma on Auditd, Sysmon For Linux or any JSON formatted logs. It works also on EVTX but that's not the subject.

  • EnableWindowsLogSettings

    Documentation and scripts to properly enable Windows event logs.

    Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04

  • iMonitorSDK

    系统监控开发套件(sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理)

  • Shhmon

    Neutering Sysmon via driver unload

  • SysmonConfigPusher

    Pushes Sysmon Configs

    Project mention: SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time | /r/blueteamsec | 2023-06-11

  • sysmon

    Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)

  • Mergify

    Tired of breaking your main and manually rebasing outdated pull requests?. Managing outdated pull requests is time-consuming. Mergify's Merge Queue automates your pull request management & merging. It's fully integrated to GitHub & coordinated with any CI. Start focusing on code. Try Mergify for free.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-07-07.

Sysmon related posts

Index

What are some of the best open-source Sysmon projects? This list will help you:

Project Stars
1 sigma 6,721
2 DetectionLab 4,298
3 sysmon-config 4,263
4 WindowsSpyBlocker 4,216
5 ThreatHunter-Playbook 3,629
6 sysmon-modular 2,308
7 SysmonTools 1,383
8 whids 998
9 sysmon-config 706
10 Zircolite 515
11 EnableWindowsLogSettings 340
12 iMonitorSDK 284
13 Shhmon 210
14 SysmonConfigPusher 89
15 sysmon 49

Sponsored
Tired of breaking your main and manually rebasing outdated pull requests?
Managing outdated pull requests is time-consuming. Mergify's Merge Queue automates your pull request management & merging. It's fully integrated to GitHub & coordinated with any CI. Start focusing on code. Try Mergify for free.
blog.mergify.com