{"id":13844271,"url":"https://github.com/sametsazak/sysmon","last_synced_at":"2026-04-04T13:52:57.887Z","repository":{"id":48515418,"uuid":"148797132","full_name":"sametsazak/sysmon","owner":"sametsazak","description":"Sysmon and wazuh integration with Sigma sysmon rules [updated]","archived":false,"fork":false,"pushed_at":"2021-07-21T21:53:12.000Z","size":29,"stargazers_count":55,"open_issues_count":0,"forks_count":16,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-02-12T21:20:08.473Z","etag":null,"topics":["ossec","security","security-tools","sigma","sysmon","sysmon-config","wazuh","wazuh-manager"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sametsazak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-14T14:05:26.000Z","updated_at":"2024-01-25T05:30:18.000Z","dependencies_parsed_at":"2022-09-13T19:16:42.367Z","dependency_job_id":null,"html_url":"https://github.com/sametsazak/sysmon","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sametsazak/sysmon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sametsazak%2Fsysmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sametsazak%2Fsysmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sametsazak%2Fsysmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sametsazak%2Fsysmon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sametsazak","download_url":"https://codeload.github
.com/sametsazak/sysmon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sametsazak%2Fsysmon/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264909966,"owners_count":23682096,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ossec","security","security-tools","sigma","sysmon","sysmon-config","wazuh","wazuh-manager"],"created_at":"2024-08-04T17:02:39.086Z","updated_at":"2026-04-04T13:52:57.877Z","avatar_url":"https://github.com/sametsazak.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# Sysmon - Wazuh Sigma Rules\n\nSysmon is a command line tool that allows us to monitor and track processes taking place on our computers. With the right configuration, suspicious behaviors can be detected by Sysmon and the detailed information will be stored in the generated log. For instance, the creation of a new process will be detected by Sysmon as “Event number 1”. This event will contain critical information that we could use to configure an active response or adopt other types of security measures.\n\n# How to Install?\n\n## Client Configuration\n\nFirst, you should install Sysmon.\n\nDownload Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon\n\nSet up Sysmon:\n\n```\nSysmon64.exe -accepteula -i sysconfig.xml\n```\n\nThen copy the following into your client's ossec.conf file:\n\n```\n\u003clocalfile\u003e\n\u003clocation\u003eMicrosoft-Windows-Sysmon/Operational\u003c/location\u003e\n\u003clog_format\u003eeventchannel\u003c/log_format\u003e\n\u003c/localfile\u003e\n```\n\nSave it and restart the agent.\n\n## Server Configuration\n\nCopy sysmon_rules.xml to /var/ossec/etc/rules/local_rules.xml\n\nSave it and restart the manager.\n\nFinished!\n\nRules are generated from https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon\n\nThanks.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsametsazak%2Fsysmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsametsazak%2Fsysmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsametsazak%2Fsysmon/lists"}