Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sametsazak/sysmon

Sysmon and wazuh integration with Sigma sysmon rules [updated]
https://github.com/sametsazak/sysmon

ossec security security-tools sigma sysmon sysmon-config wazuh wazuh-manager

Last synced: 21 days ago
JSON representation

Sysmon and wazuh integration with Sigma sysmon rules [updated]

Awesome Lists containing this project

README

        

# Sysmon - Wazuh Sigma Rules

Sysmon is a command line tool which allows us to monitor and track processes taking place in our computers. With the right configuration, suspicious behaviors can be detected by Sysmon and the detailed information will be stored in the generated log. For instance, the creation of a new process will be detected by Sysmon as “Event number 1”. This event will contain critical information that we could use to configure an active response or adopt other type of security measures.

# How to Install?

## Client Configuration
```
First, you should install Sysmon.

Download sysmon : https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

Setup Sysmon:

Sysmon64.exe -accepteula -i sysconfig.xml

Then,

Copy below to your client's ossec.conf file

Microsoft-Windows-Sysmon/Operational
eventchannel

Save it and restart agent.

## Server Configuration

Copy sysmon_rules.xml to /var/ossec/etc/rules/local_rules.xml

Save it restart manager.

Finished!

Rules are generated from Rules from https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon

Thanks.