1170 Open source projects that are alternatives of or similar to Sysmon Config

Utilities for Sysmon

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Generic Signature Format for SIEM Systems

Open-source framework to detect outliers in Elasticsearch events

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

CIF v3 -- the fastest way to consume threat intelligence

ApplicationInsights-dotnet

This repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.

A network event stream processing system, in Clojure.

JustLog brings logging on iOS to the next level. It supports console, file and remote Logstash logging via TCP socket with no effort. Support for logz.io available.

Application Insights SDK for Python

Extract and aggregate threat intelligence.

Your Everyday Threat Intelligence

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

A repository of sysmon configuration modules

PHP logging library that is highly extendable and simple to use.

Linode Longview Agent

Threat research and reporting from IronNet's Threat Research Teams

Open Source EDR for Windows

Azure Application Insights SDK for PHP

.NET Logging adaptors

Open Source Smart Meter with focus on privacy - you remain the master of your data.

Sematext Docker Agent - host + container metrics, logs & event collector

Go Library [DEPRECATED]

Application Insights main repository for documentation of overall SDK offerings for all platforms.

Consolidation of various resources related to Microsoft Sysmon & sample data/log

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Bringing you the best of the worst files on the Internet.

Tracking APT IOCs

🚌 The missing link to connect open-source threat intelligence tools.

PatrowlHears - Vulnerability Intelligence Center / Exploits

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

the fastest way to consume threat intelligence.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Show some ❤️ to Node.js process errors

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Deploy and maintain Symon through the Splunk Deployment Sever

incident response scripts

[mirror] Install and manage self-hosted services/applications, on your own server(s) - ansible collection and utilities

Microsoft Application Insights SDK for Go

[Revamped] Go package for reading from continuously updated files (tail -f)

Exceptionless server and jobs

Easy log aggregation, indexing and searching

Python bindings for Yeti's API

Pushes Sysmon Configs

An extensible Java library for HTTP request and response logging

Microsoft Application Insights SDK for Node.js

recon-ng modules for Censys

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

Gohalt 👮‍♀🛑: Fast; Simple; Powerful; Go Throttler library

An extendable tool to extract and aggregate IoCs from threat feeds

Server metrics fetching agent, based on SIGAR

Recon Hunt Queries

Repository with Sample KQL Query examples for Threat Hunting