Looking for inputs and validation for this network setup.

This page summarizes the projects mentioned and recommended in the original post on /r/AskNetsec

  • auditd

    Best Practice Auditd Configuration

  • 2) There are many open-source solutions, and you hit on all the important ones. Think creatively, and test all your controls. Hit your boxes with Metasploit and Atomic Red Team. These tools will help you verify that you have the proper controls in place, and that you are able to detect attacks (successful and failed). Run auditd with Florian Roth's rule set on your Linux boxes (https://github.com/Neo23x0/auditd/blob/master/audit.rules), and Sysmon (https://github.com/olafhartong/sysmon-modular) on Windows.

  • sysmon-modular

    A repository of sysmon configuration modules
