Top 11 Sysmon Open-Source Projects
Generic Signature Format for SIEM Systems
Project mention: Sigma Rules: How YAML Textual Signatures Boost SOC Efficiency | dev.to | 2022-08-16
Basic Sigma taxonomy and schema know-how are essential to be able to write Sigma Rules. Since it is in YAML, learning how to write rules should not be that much of a challenge. For those who are new to Sigma, the official Sigma GitHub page should be a good starting point.
Automate the creation of a lab environment complete with security tooling and logging best practices
Project mention: Tool that automatically generates a realistic office scenario of vms? | reddit.com/r/cybersecurity | 2022-08-16
I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab
Sysmon configuration file template with default high-quality event tracing
Project mention: Installing Sysmon Using PowerShell Invoke-Command | reddit.com/r/PowerShell | 2022-06-25
Also, you might want to check out https://github.com/SwiftOnSecurity/sysmon-config for some examples and options.
Block spying and tracking on Windows
Project mention: What privacy enhancement script/app for Windows 10 is recommended nowadays? | reddit.com/r/PrivacyGuides | 2022-07-20
Also, the New Oil recommends WindowsSpyBlocker so that may be another option for you.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Project mention: Cybersecurity Repositories | reddit.com/r/netsecstudents | 2022-05-31
A repository of sysmon configuration modules
Project mention: Security Cadence: Sysmon (Logging Part 2 out of ?????) | reddit.com/r/sysadmin | 2022-05-16
Another really excellent resource (also called out by Swift) is Olaf Hartong's Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular. As well as having a few full configs, Olaf's project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine-tuning your configs.
Utilities for Sysmon
Project mention: Security Cadence: Sysmon (Logging Part 2 out of ?????) | reddit.com/r/sysadmin | 2022-05-16
Neutering Sysmon via driver unload
System monitoring development kit (sysmon, promon, EDR, endpoint security, host security, zero trust, internet behavior management)
Project mention: GitHub - wecooperate/iMonitorSDK: System monitoring development kit (sysmon, promon, edr, terminal security, host security, zero trust, Internet behavior management) | reddit.com/r/blueteamsec | 2022-01-15
Pushes Sysmon Configs
Sysmon and Wazuh integration with Sigma sysmon rules [updated] (by sametsazak)
Project mention: Help Me Understand This Level 12 Sysmon Rule | reddit.com/r/Wazuh | 2022-05-03
Alright, I'm in the process of setting up Wazuh for my organization. It's been working well with the default alerts it comes with. I wanted to try ingesting and alerting on Sysmon logs, so I added Sysmon to a test endpoint (an IT workstation), added the necessary lines to ossec.conf, and added the ruleset mentioned here to the Wazuh manager (local_rules.xml). It seems to be working; I see Sysmon logs in Wazuh and am now being overwhelmed by this level 12 alert...
Sysmon related posts
Installing Sysmon Using PowerShell Invoke-Command
1 project | reddit.com/r/PowerShell | 25 Jun 2022
Integrating Sysmon events with Crowdsec
2 projects | reddit.com/r/CrowdSec | 16 May 2022
Security Cadence: Sysmon (Logging Part 2 out of ?????)
4 projects | reddit.com/r/sysadmin | 16 May 2022
Help Me Understand This Level 12 Sysmon Rule
1 project | reddit.com/r/Wazuh | 3 May 2022
splunk sysmon events
2 projects | reddit.com/r/Splunk | 2 Apr 2022
Sysmon DNS Queries Issues
1 project | reddit.com/r/blueteamsec | 28 Mar 2022
What's your approach to gathering data for DFIR analysis, and how much data do you typically gather?
2 projects | reddit.com/r/cybersecurity | 26 Mar 2022