Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices.
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Malwless: Test Blue Team detections without running any attack.
WindowsSpyBlocker: An application written in Go and delivered as a single executable to block spying and tracking on Windows systems.
Whids: Open source EDR for Windows.
Shhmon: Neutering Sysmon via driver unload.
Windows event logging: Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing the ACSC's Protect publication, Technical Guidance for Windows Event Logging.
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK.
Sysmon Dfir: Sources, configuration and how to detect evil things using Microsoft Sysmon.
Sigma: Generic signature format for SIEM systems.
Sysmonsearch: Investigate suspicious activity by visualizing Sysmon's event log.
Sysmon Config: Sysmon configuration file template with default high-quality event tracing.
SysmonResources: Consolidation of various resources related to Microsoft Sysmon, with sample data and logs.
SWELF: Simple Windows Event Log Forwarder (SWELF), an easy-to-use log forwarder and EVTX parser. Almost in full release at https://github.com/ceramicskate0/SWELF/releases/latest.
Zircolite: A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs.
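Several entries above (Sigma, Zircolite, the Sysmon configuration and search tools) revolve around one idea: a vendor-neutral rule describes a detection, and an engine evaluates it against parsed Windows/Sysmon events. The following is an added example written for this page, not code from the Sigma, Zircolite or any other listed project. It implements a small evaluator for the Sigma rule shape (search maps under `detection`, a boolean `condition`, field modifiers such as `|contains` and `|endswith`, and `*`/`?` wildcards) and runs a hypothetical rundll32 rule over constructed Sysmon-style process-creation records. Real Sigma rules are YAML files; the rule is an inline dict here so the block runs without PyYAML, and `logsource` matching is not evaluated.

```python
"""Minimal Sigma-style rule evaluator over Sysmon-like events (added example)."""
import re

# Constructed sample records shaped like Sysmon Event ID 1 / 3 after EVTX
# parsing. These are made up for the example, not real captured logs.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationPort": 443},
]

# Hypothetical rule in Sigma's shape (not a rule from the Sigma repository):
# fire on rundll32 launches whose command line carries no ".dll" argument.
RULE = {
    "title": "rundll32 without a DLL argument (example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\rundll32.exe"},
        "filter": {"CommandLine|contains": ".dll"},
        "condition": "selection and not filter",
    },
    "level": "high",
}


def _wildcard_to_regex(pattern):
    """Sigma plain values support * and ? wildcards; everything else is literal."""
    return re.escape(str(pattern)).replace(r"\*", ".*").replace(r"\?", ".")


def _match_value(field_value, pattern, modifier):
    """Compare one event field to one rule value; Sigma strings are case-insensitive."""
    if field_value is None:
        return False
    haystack = str(field_value)
    if modifier == "re":
        return re.search(str(pattern), haystack) is not None
    needle = str(pattern).lower()
    low = haystack.lower()
    if modifier == "contains":
        return needle in low
    if modifier == "startswith":
        return low.startswith(needle)
    if modifier == "endswith":
        return low.endswith(needle)
    return re.fullmatch(_wildcard_to_regex(pattern), haystack, re.IGNORECASE) is not None


def _match_map(event, search_map):
    """Keys of a search map are AND-ed; a list of values for one key is OR-ed."""
    for key, values in search_map.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        if not any(_match_value(event.get(field), v, modifier) for v in values):
            return False
    return True


def _eval_condition(tokens, results):
    """Recursive descent over: expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := 'not' factor | '(' expr ')' | identifier. No eval() on rule text."""
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def expr():
        val = term()
        while peek() == "or":
            take()
            rhs = term()
            val = val or rhs
        return val

    def term():
        val = factor()
        while peek() == "and":
            take()
            rhs = factor()
            val = val and rhs
        return val

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            val = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return val
        if tok not in results:
            raise ValueError(f"unknown search identifier {tok!r}")
        return results[tok]

    val = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return val


def evaluate(rule, event):
    """True when the rule's condition holds for a single event."""
    detection = rule["detection"]
    results = {name: _match_map(event, search)
               for name, search in detection.items() if name != "condition"}
    tokens = detection["condition"].replace("(", " ( ").replace(")", " ) ").split()
    return _eval_condition(tokens, results)


def run_rule(rule, events):
    """Return the events the rule fires on, in input order."""
    return [e for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    for hit in run_rule(RULE, SAMPLE_EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {hit['CommandLine']}")
```

Only the second record fires: it is a rundll32 launch whose command line contains no `.dll`, while the `shell32.dll` launch is removed by the `filter` map and the other records never satisfy `selection`. The condition is parsed rather than passed to `eval()`, so an untrusted rule file cannot execute Python, which is the check to keep when extending this toward the full Sigma grammar (`1 of them`, `all of selection_*`, aggregation expressions are not handled here).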