sysmon

Automate the creation of a lab environment complete with security tooling and logging best practices

Sysmon configuration file template with default high-quality event tracing

Block spying and tracking on Windows

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Utilities for Sysmon

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing

Open Source EDR for Windows

Investigate suspicious activity by visualizing Sysmon's event log

Test Blue Team detections without running any attack.

Endpoint detection & Malware analysis software

Neutering Sysmon via driver unload

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

Signature Engine for Windows Event Logs

Pushes Sysmon Configs

A Ruleset to enhance detection capabilities of Ossec using Sysmon

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Sysmon Splunk App

Splunk App to assist Sysmon Threat Hunting

Sysmon and wazuh integration with Sigma sysmon rules [updated]

Deploy and maintain Symon through the Splunk Deployment Sever

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

A PowerShell script to prevent Sysmon from writing its events

Universal Winlogbeat configuration

Qt based replacement for gnome system monitor

System Processes Correlation Engine