Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sametsazak/sysmon

Sysmon and wazuh integration with Sigma sysmon rules [updated]
https://github.com/sametsazak/sysmon

ossec security security-tools sigma sysmon sysmon-config wazuh wazuh-manager

Last synced: 3 months ago
JSON representation

Sysmon and wazuh integration with Sigma sysmon rules [updated]

Awesome Lists containing this project

README 

        
# Sysmon - Wazuh Sigma Rules



Sysmon is a command line tool which allows us to monitor and track processes taking place in our computers. With the right configuration, suspicious behaviors can be detected by Sysmon and the detailed information will be stored in the generated log. For instance, the creation of a new process will be detected by Sysmon as “Event number 1”. This event will contain critical information that we could use to configure an active response or adopt other type of security measures.



# How to Install?



## Client Configuration

```

First, you should install Sysmon.



Download sysmon : https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon



Setup Sysmon: 



Sysmon64.exe -accepteula -i sysconfig.xml



Then, 



Copy below to your client's ossec.conf file



Microsoft-Windows-Sysmon/Operational

eventchannel



Save it and restart agent.



## Server Configuration



Copy sysmon_rules.xml to /var/ossec/etc/rules/local_rules.xml



Save it restart manager.



Finished!



Rules are generated from Rules from https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon



Thanks.