JPCERTCC / Sysmonsearch
Licence: other
Investigate suspicious activity by visualizing Sysmon's event log
Stars: ✭ 302
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Sysmonsearch
Microservices Sample
Sample project to create an application using microservices architecture
Stars: ✭ 167 (-44.7%)
Mutual labels: elasticsearch, kibana
Docker Elastic
Deploy Elastic stack in a Docker Swarm cluster. Ship application logs and metrics using beats & GELF plugin to Elasticsearch
Stars: ✭ 202 (-33.11%)
Mutual labels: elasticsearch, kibana
Elk Stack
ELK Stack ... based on Elastic Stack 5.x
Stars: ✭ 148 (-50.99%)
Mutual labels: elasticsearch, kibana
Ansible Elk
📊 Ansible playbook for setting up an ELK/EFK stack and clients.
Stars: ✭ 284 (-5.96%)
Mutual labels: elasticsearch, kibana
Elk Docker
Elasticsearch, Logstash, Kibana (ELK) Docker image
Stars: ✭ 1,973 (+553.31%)
Mutual labels: elasticsearch, kibana
Elastiflow
Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
Stars: ✭ 2,322 (+668.87%)
Mutual labels: elasticsearch, kibana
Elastic Stack
Learn Elasticsearch, Logstash, Kibana and Beats the easy way ⭐️
Stars: ✭ 135 (-55.3%)
Mutual labels: elasticsearch, kibana
Json Logging Python
Python logging library to emit JSON log that can be easily indexed and searchable by logging infrastructure such as ELK, EFK, AWS Cloudwatch, GCP Stackdriver
Stars: ✭ 143 (-52.65%)
Mutual labels: elasticsearch, kibana
Terraform Aws Elasticsearch
Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
Stars: ✭ 137 (-54.64%)
Mutual labels: elasticsearch, kibana
Synesis lite suricata
Suricata IDS/IPS log analytics using the Elastic Stack.
Stars: ✭ 167 (-44.7%)
Mutual labels: elasticsearch, kibana
Elk Hole
elasticsearch, logstash and kibana configuration for pi-hole visualization
Stars: ✭ 136 (-54.97%)
Mutual labels: elasticsearch, kibana
Mirage
🎨 GUI for simplifying Elasticsearch Query DSL
Stars: ✭ 2,143 (+609.6%)
Mutual labels: elasticsearch, kibana
Vagrant Elastic Stack
Giving the Elastic Stack a try in Vagrant
Stars: ✭ 131 (-56.62%)
Mutual labels: elasticsearch, kibana
Docker Elk
The Elastic stack (ELK) powered by Docker and Compose.
Stars: ✭ 12,327 (+3981.79%)
Mutual labels: elasticsearch, kibana
SysmonSearch
SysmonSearch makes event log analysis more effective and less time-consuming by aggregating the event logs generated by Microsoft's Sysmon.
System Overview
SysmonSearch uses Elasticsearch and Kibana (together with a Kibana plugin).
- Elasticsearch
Elasticsearch collects and stores Sysmon's event logs.
- Kibana
Kibana provides the user interface for analysing your Sysmon event logs. The following functions are implemented as a Kibana plugin.
- Visualize Function: visualizes Sysmon's event logs to illustrate the correlation between processes and network connections.
- Statistical Function: collects statistics per device and per Sysmon event ID.
- Monitor Function: monitors incoming logs against preconfigured rules and triggers alerts when they match.
- StixIoC server
You can add search/monitor conditions by uploading a STIX/IOC file. From the StixIoC server web UI, you can upload files in STIXv1, STIXv2 and OpenIOC format.
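As an added example (not code from SysmonSearch or JPCERT/CC), the following JavaScript shows in miniature what the Statistical and Monitor functions do over Sysmon events once they are indexed: it counts events per host and per Sysmon event ID, evaluates simple monitor rules of the kind an uploaded IoC file would supply, and extracts the process-to-destination links that a visualization of network activity is built from. The event records and the rules are constructed for this example; the field names follow Sysmon's own event data (EventID, Computer, Image, Hashes, DestinationIp), but the flat JSON layout and the rule format are assumptions, not SysmonSearch's index mapping or rule schema.

```javascript
// Constructed sample of Sysmon events as they might look after indexing.
// Field names mirror Sysmon's event data; the flat JSON layout is an assumption.
const SAMPLE_EVENTS = [
  { EventID: 1, Computer: 'HOST-A', Image: 'C:\\Windows\\System32\\cmd.exe',
    Hashes: 'SHA256=AAAA1111', DestinationIp: null },
  { EventID: 3, Computer: 'HOST-A', Image: 'C:\\Users\\u\\tool.exe',
    Hashes: 'SHA256=BBBB2222', DestinationIp: '203.0.113.10' },
  { EventID: 1, Computer: 'HOST-B', Image: 'C:\\Users\\u\\tool.exe',
    Hashes: 'SHA256=BBBB2222', DestinationIp: null },
  { EventID: 3, Computer: 'HOST-B', Image: 'C:\\Windows\\System32\\svchost.exe',
    Hashes: 'SHA256=CCCC3333', DestinationIp: '198.51.100.5' },
];

// Constructed monitor rules: the kind of condition an IoC file would supply.
// The hash and address values are placeholders, not real indicators, and the
// rule shape is an assumption (SysmonSearch's own rule format is not reproduced).
const SAMPLE_RULES = [
  { name: 'known-bad-hash', field: 'Hashes', match: 'SHA256=BBBB2222' },
  { name: 'blocked-address', field: 'DestinationIp', match: '203.0.113.10' },
];

// Statistical function: count events per host and per Sysmon event ID.
function eventStatistics(events) {
  const perHost = {};
  const perEventId = {};
  for (const ev of events) {
    perHost[ev.Computer] = (perHost[ev.Computer] || 0) + 1;
    perEventId[ev.EventID] = (perEventId[ev.EventID] || 0) + 1;
  }
  return { perHost, perEventId };
}

// Monitor function: evaluate every rule against every event and collect alerts.
// Rules match on an exact field value; a missing or null field never matches,
// so an event-ID-1 record without DestinationIp cannot trip an address rule.
function evaluateRules(events, rules) {
  const alerts = [];
  for (const ev of events) {
    for (const rule of rules) {
      const value = ev[rule.field];
      if (value !== null && value !== undefined && value === rule.match) {
        alerts.push({ rule: rule.name, host: ev.Computer, eventId: ev.EventID, image: ev.Image });
      }
    }
  }
  return alerts;
}

// Building block for the visualize function: the process-to-destination edges
// from network connection events (Sysmon event ID 3), one per host and process.
function networkEdges(events) {
  return events
    .filter((ev) => ev.EventID === 3 && ev.DestinationIp)
    .map((ev) => ({ host: ev.Computer, process: ev.Image, destination: ev.DestinationIp }));
}

// Stand-alone run: print the statistics, alerts and edges for the sample data.
console.log(JSON.stringify(eventStatistics(SAMPLE_EVENTS)));
console.log(JSON.stringify(evaluateRules(SAMPLE_EVENTS, SAMPLE_RULES)));
console.log(JSON.stringify(networkEdges(SAMPLE_EVENTS)));
```

In a real deployment these three steps run as Elasticsearch aggregations and plugin code rather than in-memory loops, but the division of labour is the same: statistics answer "what is normal per host and per event ID", rules turn indicators into alerts, and the edge list is what a process/network correlation graph is drawn from.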
Use SysmonSearch
To try SysmonSearch, you can either 1) install the software in your own Linux environment following the instructions, or 2) use the Docker image:
Documentation
For details, please check the SysmonSearch wiki.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].