
Sysmon Learning Resources

Free
Updated 11 March 2025

A curated and bespoke list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs, and additional GitHub repositories. You can now breeze through most of the content here: https://mhaggis.github.io/sysmon-dfir/

Sysmon Learning Resources

General
Community Guide
TrustedSec Sysinternals Sysmon Community Guide

Utilities
SysmonHunter - An easy ATT&CK-based Sysmon hunting tool
SysmonX - An Augmented Drop-In Replacement of Sysmon
SysmonTools - Nader Shalabi
Parse Sysmon logs - Matt Churchill, CrowdStrike
Sysmon Config Bypass Finder - @MartinKorman

Presentations
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) -- 2018 - Tom Ueltschi
How to Go from Responding to Hunting with Sysinternals Sysmon - Mark Russinovich
Tracking Hackers on Your Network with Sysinternals Sysmon - Mark Russinovich
Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Video - Tom Ueltschi
Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Slides - Tom Ueltschi
Splunking the Endpoint - James Brodsky
Splunking the Endpoint: "Hands on!"
