{"id":13728050,"url":"https://github.com/trustedsec/SysmonCommunityGuide","last_synced_at":"2025-05-08T00:31:14.795Z","repository":{"id":37621448,"uuid":"235658546","full_name":"trustedsec/SysmonCommunityGuide","owner":"trustedsec","description":"TrustedSec Sysinternals Sysmon Community Guide","archived":false,"fork":false,"pushed_at":"2024-05-21T23:57:31.000Z","size":16899,"stargazers_count":1141,"open_issues_count":7,"forks_count":164,"subscribers_count":79,"default_branch":"master","last_synced_at":"2024-11-11T18:02:56.917Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustedsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-22T20:18:22.000Z","updated_at":"2024-11-11T07:57:12.000Z","dependencies_parsed_at":"2024-01-07T16:32:17.399Z","dependency_job_id":"1f2a57a1-fba8-4984-b0c8-d19f00f968e2","html_url":"https://github.com/trustedsec/SysmonCommunityGuide","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FSysmonCommunityGuide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FSysmonCommunityGuide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FSysmonCommunityGuide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FSysmonCommunityGuide/manifests","owner_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/owners/trustedsec","download_url":"https://codeload.github.com/trustedsec/SysmonCommunityGuide/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224679819,"owners_count":17351873,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T02:00:36.618Z","updated_at":"2024-11-14T19:30:37.955Z","avatar_url":"https://github.com/trustedsec.png","language":"CSS","funding_links":[],"categories":["Resources"],"sub_categories":["Event ID configuration and monitoring suggestions"],"readme":"\n\u003cp\u003e\u003cimg align=\"left\" width=\"100\" height=\"100\" src=\"chapters/media/tslogo.png\"\u003e\u003c/p\u003e\n\n# TrustedSec Sysmon Community Guide\n\n\u003cp align=\"center\"\u003e\u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-sa/4.0/\" style=\"display: inline-block; float: left; vertical-align: middle; margin: 10px;\"\u003e\u003cimg alt=\"Creative Commons License\" style=\"border-width:0\" src=\"https://i.creativecommons.org/l/by-sa/4.0/88x31.png\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\nThis work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](http://creativecommons.org/licenses/by-sa/4.0/), please attribute to TrustedSec LLC\n\n###### You are free to:\n\n**Share** — copy and redistribute the material in any medium or format.\n\n**Adapt** — remix, transform, and build upon the material.\n\nThe authors encourage you to redistribute this content as widely as possible, but require that you give credit to the primary authors 
below, and that you notify us on GitHub of any improvements you make.\n\nTable of Contents\n=================\n\n* [What is Sysmon](./chapters/what-is-sysmon.md)\n\n* Sysmon on Windows\n\n  * [The Sysmon Driver](./chapters/the-sysmon-driver.md)\n\n  * [Install and Configuration](./chapters/install_windows.md)\n\n* Sysmon on Linux\n  \n  * [sysinternalsEBPF](./chapters/eBPF.md)\n\n  * [Install and Configuration](./chapters/install_linux.md)\n\n* [Configuration](./chapters/configuration.md)\n\n* Sysmon Events\n\n  * [Process Events](./chapters/process-events.md)\n\n    * [Process Creation](./chapters/process-creation.md)\n\n    * [Process Termination](./chapters/process-termination.md)\n\n    * [Process Access](./chapters/process-access.md)\n\n  * File Events\n  \n    * [File Create](./chapters/file-create.md)\n\n    * [File Create Time Change](./chapters/file-create-time-change.md)\n\n    * [File Stream Creation Hash](./chapters/file-stream-creation-hash.md)\n\n    * [File Delete](./chapters/file-delete.md)\n\n    * [File Delete Detected](./chapters/file_delete_detected.md)\n\n    * [File Block EXE](./chapters/file-block-exe.md)\n    \n    * [File Block Shredding](./chapters/file-blockshredding.md)\n\n  * [Named Pipes](./chapters/named-pipes.md)\n\n  * [Driver Loading](./chapters/driver-loading.md)\n\n  * [Registry Actions](./chapters/registry-actions.md)\n\n  * [Image Loading](./chapters/image-loading.md)\n\n  * [Network Connections](./chapters/network-connections.md)\n\n  * [Create Remote Thread](./chapters/create-remote-thread.md)\n\n  * [Raw Access Read](./chapters/raw-access-read.md)\n\n  * [DNS Query](./chapters/dns-query.md)\n\n  * [WMI Events](./chapters/WMI-events.md)\n  \n  * [Clipboard Capture](./chapters/clipboard-capture.md)\n  \n  * [Process Image Tampering](./chapters/process-tampering.md)\n  \n## Current State:\n\n
Microsoft Sysinternals Sysmon is an ever-changing piece of software that Microsoft provides free of charge to its users. As such, it is constantly being updated and new features are added. Regarding configurations, this guide tries to be as open as possible, since each environment is unique, and its recommendations take those constraints into account as much as possible. The guide is open source so that, as Sysmon evolves, the community can help expand and maintain it.\n\n## Contributing\n\nPlease use GitHub issues or pull requests to make corrections, contributions, and other changes to the text - we welcome your contributions!\n\n## Credits\n\nThis guide was originally written and edited by Carlos Perez of TrustedSec LLC.\n\n- **[MIT license](http://opensource.org/licenses/mit-license.php)**\n- Copyright 2020 © \u003ca href=\"https://www.trustedsec.com/\" target=\"_blank\"\u003eTrustedSec LLC\u003c/a\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2FSysmonCommunityGuide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustedsec%2FSysmonCommunityGuide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2FSysmonCommunityGuide/lists"}