sysmon-modular
A Sysmon configuration repository for everybody to customise. This is a Microsoft Sysinternals Sysmon configuration repository, set up modular for easier maintenance and generation of specific configs. Please keep in mind that any of these configurations should be considered a starting point, tuning per environment is strongly recommended. Note: to get even more value out of the FileExecutable event, consider getting the most up to date version of the LOLdrivers config merged into the config as well. You can easily do that by grabbing the file and adding it in the 29_file_execute_detected folder and generate a new config. The sysmonconfig.xml within the repo is automatically generated after a successful merge by the PowerShell script and a successful load by Sysmon in an Azure Pipeline run. More info on how to generate a custom config, incorporating your own modules here. Pre-Generated configurations: Type: Config: Description: default: sysmonconfig.xml: This is the balanced configuration, most used, more information here. default+: sysmonconfig-with-filedelete.xml: This is the balanced configuration, most used, more information including FileDelete file saves.
FEATURES
ALTERNATIVES
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Automate security incident handling and facilitate real-time activities of incident handlers.
Modular SOAR implementation in Python for security orchestration, automation, and response.
A custom activity repository for Ayehu NG automation platform, allowing users to create and modify activities to fit their specific needs.
Incident response platform for automating alert handling and incident response procedures.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.