Main Sigma Rule Repository

Sysmon configuration file template with default high-quality event tracing

Block spying and tracking on Windows

Automate the creation of a lab environment complete with security tooling and logging best practices

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

A repository of sysmon configuration modules

Utilities for Sysmon

Open Source EDR for Windows

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Documentation and scripts to properly enable Windows event logs.

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

Investigate suspicious activity by visualizing Sysmon's event log

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

Test Blue Team detections without running any attack.

Endpoint detection & Malware analysis software

Neutering Sysmon via driver unload

Sysmon EDR POC Build within Powershell to prove ability.