Top 23 sysmon open source projects

Automate the creation of a lab environment complete with security tooling and logging best practices

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Test Blue Team detections without running any attack.

WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.

Open Source EDR for Windows

Endpoint detection & Malware analysis software

Neutering Sysmon via driver unload

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

A repository of sysmon configuration modules

Utilities for Sysmon

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Generic Signature Format for SIEM Systems

Investigate suspicious activity by visualizing Sysmon's event log

Sysmon configuration file template with default high-quality event tracing

incident response scripts

Sysmon Splunk App

Qt based replacement for gnome system monitor

Pushes Sysmon Configs

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Deploy and maintain Symon through the Splunk Deployment Sever