Security Cadence: Sysmon (Logging Part 2 out of ?????)

This page summarizes the projects mentioned and recommended in the original post on /r/sysadmin
Sysmon threat-hunting Threatintel sysinternals Windows

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    • There are also some excellent sample configuration files out there, and -in my opinion- the best of them is from Swift on Security: https://github.com/SwiftOnSecurity/sysmon-config

  • sysmon-modular

    A repository of sysmon configuration modules

    • Another really excellent resource (also called out by Swift) is Olaf Hartong’s Sysmon-Modular project: https://github.com/olafhartong/sysmon-modular As well as having a few full configs, Olaf’s project has modular XML configurations for each supported Sysmon Event ID. This can be incredibly helpful for fine tuning your configs.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • SysmonForLinux

    • Did you know that Sysmon is so fantastic that Microsoft ported it to Linux? They sure did and it is awesome. It can be found here: https://github.com/Sysinternals/SysmonForLinux

  • SysmonTools

    Utilities for Sysmon

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Software Hardening Tools for System Defense

    1 project | dev.to | 30 Apr 2024

  • Troubleshooting Intermittent Slowness on Network Share

    1 project | /r/msp | 7 Jul 2023

  • Sysmon not reading our config.xml-file

    1 project | /r/sysadmin | 21 Jun 2023

  • Cheap, Fast, Good and Simple Remote Monitoring for Small Environments

    1 project | /r/msp | 31 May 2023

  • How do I exclude specific event IDs in Sysmon?

    1 project | /r/sysadmin | 15 Apr 2023