Main Sigma Rule Repository
Updated Sep 1, 2025 - Python
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
戎码之眼 is a Windows threat-monitoring tool based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
Endpoint detection & Malware analysis software
ThreatSeeker: Threat Hunting via Windows Event Logs
Consolidation of various resources related to Microsoft Sysmon & sample data/log
System Processes Correlation Engine
A log-based Threat Hunting tool
This is actually a follow-up to "Mapping-Sysmonlogs-to-ATTACK". After you obtain "syslog.csv" through the program in that repository, you can use this program to convert the log into a graph structure with relations.
Extracts logs based on Sysmon events. Comes as a package, CLI and UI.
Utility to convert SysInternals' Sysmon binary configuration to XML
Monitors system statistics and saves them in CSV format.
Utilities for working with and testing Sysmon configs against Windows Event Logs
Splunk scripted input to push and install Sysmon, with the Sysmon config forked by securiyshrimp from Taylor Swift to ignore Splunk executables.
Real-time detection and automated response system for Windows-based APT attacks