Main Sigma Rule Repository
-
Updated
Nov 25, 2024 - Python
Main Sigma Rule Repository
Sysmon configuration file template with default high-quality event tracing
Automate the creation of a lab environment complete with security tooling and logging best practices
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A repository of sysmon configuration modules
Utilities for Sysmon
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
Test Blue Team detections without running any attack.
Endpoint detection & Malware analysis software
Sysmon EDR POC Build within Powershell to prove ability.
Add a description, image, and links to the sysmon topic page so that developers can more easily learn about it.
To associate your repository with the sysmon topic, visit your repo's landing page and select "manage topics."