Sysmon Learning Resources Logo

Sysmon Learning Resources

0
Free
Visit Website

A curated and bespoke list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs, and additional GitHub repositories. You can now breeze through most of the content here: https://mhaggis.github.io/sysmon-dfir/ Sysmon Learning Resources General Community Guide TrustedSec Sysinternals Sysmon Community Guide Utilities SysmonHunter - An easy ATT&CK-based Sysmon hunting tool SysmonX - An Augmented Drop-In Replacement of Sysmon SysmonTools - Nader Shalabi Parse Sysmon logs - Matt Churchill, CrowdStrike Sysmon Config Bypass Finder - @MartinKorman Presentations Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) -- 2018 - Tom Ueltschi How to Go from Responding to Hunting with Sysinternals Sysmon - Mark Russinovich Tracking Hackers on Your Network with Sysinternals Sysmon - Mark Russinovich Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Video - Tom Ueltschi Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Slides - Tom Ueltschi Splunking the Endpoint - James Brodsky Splunking the Endpoint: “Hands on!”

FEATURES

ALTERNATIVES

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.

A set of configuration files to use with EclecticIQ's OpenTAXII implementation for MISP integration.

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.

A collection of tools and resources for threat hunters.

A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.

Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.

PINNED