Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
-
Updated
Sep 5, 2023 - HCL
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Sysmon and wazuh integration with Sigma sysmon rules [updated]
Sysmon config for both Windows and Linux Devices. Windows one is a bit dated
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malware analysis. This can be used in production, however you might want to tune the GPO edits as needed.
Converts Sysmon rules to uberAgent ESA Threat Detection rules
Utility to convert SysInternals' Sysmon binary configuration to XML
Wixsharp based installed MSI for Sysmon and rules from the SwiftOnSecurity project
Ransomware focused Sysmon configuration file template with default high-quality event tracing
The Granted Access Converter is a utility designed to help users understand and interpret the GrantedAccess values found in Sysmon Event ID 10 logs.
Add a description, image, and links to the sysmon-config topic page so that developers can more easily learn about it.
To associate your repository with the sysmon-config topic, visit your repo's landing page and select "manage topics."