Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sysmon and wazuh integration with Sigma sysmon rules [updated]

Sysmon config for both Windows and Linux Devices. Windows one is a bit dated

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malware analysis. This can be used in production, however you might want to tune the GPO edits as needed.

CeramicSkate0 Sysmon configuration fork file template with default high-quality event tracing

Converts Sysmon rules to uberAgent ESA Threat Detection rules

Wixsharp based installed MSI for Sysmon and rules from the SwiftOnSecurity project

Utility to convert SysInternals' Sysmon binary configuration to XML

Ransomware focused Sysmon configuration file template with default high-quality event tracing

Sysmon configuration files

The Granted Access Converter is a utility designed to help users understand and interpret the GrantedAccess values found in Sysmon Event ID 10 logs.

Sysmon policies practice as XML