Projects in Awesome Lists tagged with sysmon
A curated list of projects in awesome lists tagged with sysmon.
https://github.com/sigmahq/sigma
Main Sigma Rule Repository
elasticsearch ids logging monitoring security siem signatures splunk sysmon
Last synced: 09 Sep 2025
https://github.com/swiftonsecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
logging monitoring netsec sysinternals sysmon threat-hunting threatintel windows
Last synced: 11 Oct 2025
https://github.com/clong/detectionlab
Automate the creation of a lab environment complete with security tooling and logging best practices
ansible detection detectionlab dfir dfir-automation information-security lab-environment osquery packer powershell sysmon terraform vagrant vagrantfile
Last synced: 14 May 2025
https://github.com/otrf/threathunter-playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
dfir hunter hunting hunting-campaigns hypothesis mitre mitre-attack-db sysmon threat-hunting
Last synced: 17 Oct 2025
https://github.com/olafhartong/sysmon-modular
A repository of sysmon configuration modules
dfir mitre-attack modular security-tools sysmon threat-hunting
Last synced: 14 May 2025
https://github.com/nshalabi/sysmontools
Utilities for Sysmon
logging monitoring netsec sysinternals sysmon threat-hunting threat-intelligence threatintel windows
Last synced: 08 Apr 2025
https://github.com/0xrawsec/whids
Open Source EDR for Windows
dfir edr ids sysmon threat-hunting windows
Last synced: 16 May 2025
https://github.com/netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
azure azure-sentinel blue-team cybersecurity detection kql logging mitre-attack security-tools siem sysmon sysmon-config terraform-azure threat-hunting workbooks
Last synced: 16 May 2025
https://github.com/mhaggis/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Last synced: 30 Jan 2026
https://github.com/wagga40/zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
auditd detection evtx evtxtract forensics forensics-tools pysigma python3 sigma sigma-rules sysmon
Last synced: 06 Feb 2026
https://github.com/RoomaSec/RmEye
RmEye (戎码之眼) is a Windows threat monitoring tool based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for the defender.
Last synced: 12 Jul 2025
https://github.com/jpcertcc/sysmonsearch
Investigate suspicious activity by visualizing Sysmon's event log
elasticsearch kibana security stix stix2 sysmon
Last synced: 05 Apr 2025
https://github.com/wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · A powerful endpoint behaviour collection and defence development kit, intended to help endpoint security software such as EDR, zero trust, data security and audit control implement product features quickly, without having to worry about developing, maintaining and ensuring compatibility of the underlying driver, so that they can focus on business development.
access-control defender edr endpoint-security etw kernel monitoring-tool procmon security sysmon zero-trust
Last synced: 11 Jul 2025
https://github.com/yarox24/attack_monitor
Endpoint detection & Malware analysis software
endpoint-security malware-analysis security-tools sysmon
Last synced: 23 Mar 2025
https://github.com/ion-storm/sysmon-edr
Sysmon EDR PoC built in PowerShell to prove the capability.
Last synced: 03 Feb 2026
https://github.com/sametsazak/sysmon
Sysmon and Wazuh integration with Sigma Sysmon rules [updated]
ossec security security-tools sigma sysmon sysmon-config wazuh wazuh-manager
Last synced: 11 Jul 2025
https://github.com/karib0u/rustinel
Windows EDR agent in Rust. ETW telemetry → Sigma/YARA detection → ECS alerts. User-mode, open-source, high-performance.
blue-team detection-engineering edr endpoint-detection etw incident-response malware-detection rust security-tools siem sigma sysmon threat-detection windows-security yara
Last synced: 04 Mar 2026
https://github.com/mhaggis/app_splunk_sysmon_hunter
Splunk App to assist Sysmon Threat Hunting
Last synced: 13 Apr 2025
https://github.com/olafhartong/ta-sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
dfir splunk splunk-deployment sysmon threat-hunting
Last synced: 06 Oct 2025
https://github.com/jhochwald/universal-winlogbeat-configuration
Universal Winlogbeat configuration
examples filebeat filter graylog logging siem sysmon universal windows windows-10 windows-server winlogbeat yml
Last synced: 05 Oct 2025
https://github.com/ajackal/ir_scripts
Incident response scripts
dfir forensics incident-response powershell sysmon threat-hunting windows
Last synced: 15 Apr 2025
https://github.com/kara-4search/windowseventlogsbypass_csharp
Bypass windows eventlogs & Sysmon
administrator-privilege avatar bypass bypass-uac csharp eventlogs pentest redteam sleep sysmon
Last synced: 23 Apr 2025
https://github.com/mutedmouse/helk4so
This repository is for integrating HELK capabilities into Security Onion instances. This will be an evolving extension to both products, and as such it is not contributed directly to either HELK or Security Onion. Please use at your own risk and enjoy.
Last synced: 11 May 2025
https://github.com/knightchaser/aesir
A simple System Monitor (Sysmon) EVTX inspector; search, visualize, and track Sysmon events
evtx evtx-analysis golang log-analysis log-parser mongodb mux nosql sysmon web
Last synced: 27 Feb 2026
https://github.com/thejanit0r/sysmon-bin2xml
Utility to convert SysInternals' Sysmon binary configuration to XML
config kaitai kaitai-struct sysmon sysmon-config xml
Last synced: 21 Aug 2025
https://github.com/ashton-sidhu/sysmon-extract
Extract logs based on events from Sysmon. Comes as a package, CLI and UI.
data-science dataengineering infosec spark streamlit sysmon threat-intelligence threathunting
Last synced: 06 May 2025
https://github.com/bocaletto-luca/pc-info
PC-Info - SysmonDotNet Cross-platform Linux service in C# .NET 7 • System metrics (CPU, Mem, Disk, Net) • Records in SQLite • Exposes /api/metrics and /metrics (Prometheus) • Health check /health • Configurable interval, DI, logging, Swagger ...
bocaletto-luca c-sharp linux opensource pc-info sysmon
Last synced: 19 Oct 2025
https://github.com/her3ticavi/merlin
Incident response script that grabs logs
admin automation automation-framework logging logs microsoft sysmon windows
Last synced: 26 Mar 2025
https://github.com/scrymastic/edr-agent
A tool for monitoring system events and sending relevant information to the EDR server for further analysis and response.
cpp17 edr logs monitoring sysmon windows
Last synced: 13 Mar 2025
https://github.com/potato-industries/gohima
Proof-of-concept intrusion mitigation tool written in Go for Windows (Sysmon event logs and Sigma .yml signature rules)
experiment go intrusion-detection intrusion-detection-system intrusion-mitigation mitigation sigma sysmon
Last synced: 27 Oct 2025
https://github.com/toolshive/intrudex
A cutting-edge, real-time security monitoring system, designed to revolutionize your network's defense
ai-integration alpinejs antrophic final-project final-year-project flask flask-dashboard fyp htmx htmx-flask intrusion-detection-system intrusion-prevention-system jinja2 jinja2-templates lahore-garrison-university logs openai sysmon sysmon-config tailwindcss
Last synced: 06 Mar 2026
https://github.com/asmae-amahrouk/sysmon-wazuh
Implementing a comprehensive and scalable security monitoring solution for Windows endpoints.
cybersecurity elk-stack endpoint-security sysmon wazuh wazuh-agent wazuh-manager windows-10
Last synced: 25 Oct 2025
https://github.com/morgant/sysmon-startupitem
Sysmon StartupItem/launchd job
Last synced: 02 Jul 2025
https://github.com/knightchaser/docker-elk-winlogbeat
Integrated Windows endpoint log management (Docker + ELK(ElasticSearch, Logstash, Kibana) + Winlogbeat based)
docker-elk elasticsearch elasticsearch-server elk elk-stack sysmon windows winlogbeat
Last synced: 23 Mar 2025
https://github.com/dikayx/elk-siem
A lightweight SIEM solution using the ELK stack, Docker, Winlogbeat and Sysmon for efficient log collection and analysis.
docker elk siem sysmon windows winlogbeat
Last synced: 15 Sep 2025
https://github.com/alt-react/active-directory-home-lab
Designing and implementing a home lab consisting of 4 different virtual machines in a virtual network, for use in professional IT portfolio projects.
active-directory active-directory-domain-controller active-directory-domain-services configuration configuration-management cybersecurity cybersecurity-tools kali-linux nat siem splunk sysmon ubuntu-server virtual-machine virtualbox virtulization vm windows-10 windows-server-2022
Last synced: 23 Feb 2026
https://github.com/torxed/sysmon
Monitors system statistics and saves them in CSV file format.
Last synced: 24 Mar 2025
https://github.com/knightchaser/windowssystemmonitor
Sysmon policies practice as XML
auditing sysmon sysmon-config windows
Last synced: 23 Mar 2025
https://github.com/knightchaser/sysmonsimulator
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Go
commandline commandline-tool eventlog golang sysmon sysmonsimulator winapi windows
Last synced: 26 Jun 2025
https://github.com/likith1202/soc-automation-lab
A hands-on SOC Automation Lab built using Wazuh, TheHive, Cortex, and ELK. Demonstrates real-time threat detection, alert forwarding, and automated incident response in a simulated enterprise environment.
cassandra elasticsearch securityoperationscenter shuffle sysmon thehive wazuh
Last synced: 08 Aug 2025
https://github.com/humzaakhtarr/ElasticSearch-using-Sysmon
A step-by-step guide for setting up a SIEM using the Elastic web portal and Sysmon. You will learn how to set up Sysmon on your Windows machine, generate security events on it by running a few commands in Windows PowerShell, forward the records to the SIEM, and query and analyze the logs using Kibana in the SIEM.
cybersecurity elasticsearch elk-stack kibana security sysmon
Last synced: 22 Oct 2025
https://github.com/g0urmetd/sysmonguard
SysmonGuard is a modular and production-ready PowerShell tool designed for enterprise environments. It automates the installation, configuration, and uninstallation of Sysmon on Windows clients using best practices.
automation sysmon sysmon-config windows windows-10 windows-11
Last synced: 16 May 2025
https://github.com/ghost-7a/attack-technique-emulation-wazuh
A project showcasing attack technique emulation using MITRE ATT&CK and detection with Wazuh, Sysmon, and Atomic Red Team.
atomic-red-team detection docker-container intrusion-detection-system mitre-attack sysmon wazuh
Last synced: 16 Mar 2025
https://github.com/0xlam/remotemonitoringsetup
Automates Windows event log configuration, Sysmon installation, and Splunk Universal Forwarder deployment on remote machines.
automation event-logs powershell remote-monitoring security splunk sysmon windows
Last synced: 06 Oct 2025
https://github.com/knightchaser/sentinela
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
evtx go opensource parsing sysmon
Last synced: 07 Oct 2025
https://gitlab.com/bcareil/tmux-status-sysperf
Basic system performance monitor for tmux status line.
Last synced: 12 Mar 2025
https://github.com/dacyborg87/cybersecurity-labs
Collection of my cybersecurity homelab projects
home-lab home-lab-dashboard home-lab-detections kali-linux linux siem suricata sysmon threat-hunting ubuntu ubuntu-server wazuh wazuh-agent windows windows-11
Last synced: 09 Oct 2025