Main Sigma Rule Repository
Updated Jun 2, 2024 - Python
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet usage management, sandbox)
Designing and implementing a home lab consisting of four virtual machines on a virtual network, for use in professional IT portfolio projects.
Atlas ITSI Content Pack for Linux Sysmon
Utilities for Sysmon
This script enhances endpoint logging telemetry for advanced malware threat detection, detection engineering, or malware analysis. It can be used in production; however, you may want to tune the GPO edits as needed.
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Go
A repository of sysmon configuration modules
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Simple system monitoring over MQTT
Analyzing PowerShell execution on Windows systems.
A simple System Monitor (Sysmon) EVTX inspector: search, visualize, and track Sysmon events
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Presentations
Converts Sysmon rules to uberAgent ESA Threat Detection rules
Sysmon configuration file template with default high-quality event tracing