Top 15 Sysmon Open-Source Projects
Main Sigma Rule Repository
Project mention: Looking for feedback on a security-related project idea | /r/AskNetsec | 2023-07-05
Idea: A free and open-source web repository of Sigma detections where users can find, contribute, and suggest edits to detections. All user contributions will go through a StackExchange-style moderation queue. Built-in conversion from Sigma to the query language of your choice.
Automate the creation of a lab environment complete with security tooling and logging best practices
Project mention: Cyber Lab Design | /r/Cybersecurity101 | 2023-03-13
I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.
Sysmon configuration file template with default high-quality event tracing
Project mention: Troubleshooting Intermittent Slowness on Network Share | /r/msp | 2023-07-07
https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of windows troubleshooting tips here too, and this is a pretty good sysmon script; it saves to event viewer even after a reboot! Also take care with wireshark as it may give you a false sense that there's a fault; try TCPView from sysinternals and yeah procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config use psping to ping the server directly and see whether the latency goes up and down; you can ping it more often, every 1 second, so you get a better, more detailed result.
Block spying and tracking on Windows
Project mention: Request Tips on Privacy while using Windows 11 | /r/PrivacyGuides | 2023-05-22
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Project mention: Threat hunting Playbooks | /r/cybersecurity | 2023-01-23
A repository of sysmon configuration modules
Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
Utilities for Sysmon
Open Source EDR for Windows
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Project mention: Chainsaw for Linux | /r/blueteamsec | 2023-03-05
You can compare with Zircolite which uses Sigma on Auditd, Sysmon For Linux or any JSON formatted logs. It also works on EVTX but that's not the subject.
Documentation and scripts to properly enable Windows event logs.
Project mention: EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs. | /r/blueteamsec | 2023-06-04
Neutering Sysmon via driver unload
Pushes Sysmon Configs
Project mention: SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time | /r/blueteamsec | 2023-06-11
Sysmon and wazuh integration with Sigma sysmon rules [updated] (by sametsazak)
Sysmon related posts
Troubleshooting Intermittent Slowness on Network Share
1 project | /r/msp | 7 Jul 2023
Sysmon 15.0 is out now with advanced features
2 projects | /r/sysadmin | 29 Jun 2023
Sysmon not reading our config.xml-file
1 project | /r/sysadmin | 21 Jun 2023
SysmonConfigPusher: Pushes Sysmon Configs - 2 years old, but wasn't included at the time
1 project | /r/blueteamsec | 11 Jun 2023
Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
1 project | /r/msp | 31 May 2023
How do you actually threat hunt?
3 projects | /r/cybersecurity | 30 May 2023
How do I exclude specific event IDs in Sysmon?
1 project | /r/sysadmin | 15 Apr 2023
What are some of the best open-source Sysmon projects? This list will help you: