Sysmon Learning Resources
A curated and bespoke list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs, and additional GitHub repositories. You can now breeze through most of the content here: https://mhaggis.github.io/sysmon-dfir/ Sysmon Learning Resources General Community Guide TrustedSec Sysinternals Sysmon Community Guide Utilities SysmonHunter - An easy ATT&CK-based Sysmon hunting tool SysmonX - An Augmented Drop-In Replacement of Sysmon SysmonTools - Nader Shalabi Parse Sysmon logs - Matt Churchill, CrowdStrike Sysmon Config Bypass Finder - @MartinKorman Presentations Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) -- 2018 - Tom Ueltschi How to Go from Responding to Hunting with Sysinternals Sysmon - Mark Russinovich Tracking Hackers on Your Network with Sysinternals Sysmon - Mark Russinovich Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Video - Tom Ueltschi Advanced Incident Detection and Threat Hunting using Sysmon and Splunk Slides - Tom Ueltschi Splunking the Endpoint - James Brodsky Splunking the Endpoint: “Hands on!”
FEATURES
ALTERNATIVES
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data
Open source web app for storing and searching Actor related data from users and public repositories.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
A tool for tracking, scanning, and filtering yara files with distributed scanning capabilities.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks with extensive functionality for log data analysis, threat intelligence enrichment, and visualization.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
An informational repo about hunting for adversaries in your IT environment.
RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.