Sysmon Learning Resources Logo

Sysmon Learning Resources

0
Free
Visit Website

A curated and bespoke list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs, and additional GitHub repositories. You can now breeze through most of the content here: https://mhaggis.github.io/sysmon-dfir/ Sysmon Learning Resources General Community Guide TrustedSec Sysinternals Sysmon Community Guide Utilities SysmonHunter - An easy ATT&CK-based Sysmon hunting tool SysmonX - An Augmented Drop-In Replacement of Sysmon SysmonTools - Nader Shalabi Parse Sysmon logs - Matt Churchill, CrowdStrike Sysmon Config Bypass Finder - @MartinKorman Presentations Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) -- 2018 - Tom Ueltschi How to Go from Responding to Hunting with Sysinternals Sysmon - Mark Russinovich Tracking Hackers on Your Network with Sysinternals Sysmon - Mark Russinovich Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Video - Tom Ueltschi Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Slides - Tom Ueltschi Splunking the Endpoint - James Brodsky Splunking the Endpoint: “Hands on!”

FEATURES

ALTERNATIVES

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

Repository of Yara Rules created by TjNel.

The Web's Largest Community Tracking Online Fraud & Abuse

The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.

Packet Storm is a global security resource providing around-the-clock information and tools to mitigate personal data and fiscal loss on a global scale.

C# wrapper around Yara pattern matching library with Loki and Yara signature support.

Amazon GuardDuty is a threat detection service for AWS accounts.

A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.