1170 Open source projects that are alternatives of or similar to Sysmon Config

Gohalt 👮‍♀🛑: Fast; Simple; Powerful; Go Throttler library

Recon Hunt Queries

Virustotal Data to Timesketch

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Server metrics fetching agent, based on SIGAR

AwesomeWallpaper plays videos, shows images and system info on your desktop wallpaper

Repository with Sample KQL Query examples for Threat Hunting

A workshop on Packet Crafting using Scapy.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Application-embedded connectivity and zero-trust components

Random hunting ordiented yara rules

Python library using the MISP Rest API

Lightweight File Integrity Monitoring Tool

Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

A compilation of network scanning strategies to find vulnerable devices

An application metrics facade for the most popular monitoring tools. Think SLF4J, but for metrics.

The Hunting ELK

An Ansible role that installs Prometheus, in the format for Ansible Galaxy.

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

enpoint detection / live analysis & sandbox host / signatures quality test

Microsoft Sentinel SOC Operations

Ripzap - Fast and 0 allocs leveled JSON logger for Go ⚡️. Dependency free.

My personal experience in Threat Hunting and knowledge gained so far.

Defund the Police.

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

Leverage Sophos Central API

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Capture passwords of login attempts on non-existent and disabled accounts.

An open source SQL database designed to process time series data, faster

A Curated List of Prometheus Exporters

Best practices in threat intelligence

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

The FASTEST way to consume threat intel.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Important production-grade Kubernetes Ops Services

Malware Sample Sources

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

An extensible monitoring framework written in Swift

Single header C++ logging library. It is extremely powerful, extendable, light-weight, fast performing, thread and type safe and consists of many built-in features. It provides ability to write logs in your own customized format. It also provide support for logging your classes, third-party libraries, STL and third-party containers etc.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

Incident Response - Fast suspicious file finder

Scout - a Contactless Active Reconnaissance Tool

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

A Hangfire extension to store a log during job execution.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Hashes of infamous malware

Sysmon Splunk App

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Performance visualisation tools

InfluxDB broadcasting for Good process monitor

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..