SysmonSearch Logo

SysmonSearch

0
Free
Updated 11 March 2025
SIEM
Sysmon
Elasticsearch
Kibana
Event Log Analysis
Visit Website

SysmonSearch makes event log analysis more effective and less time-consuming by aggregating event logs generated by Microsoft's Sysmon. System Overview: SysmonSearch uses Elasticsearch and Kibana (and Kibana plugin). Elasticsearch collects/stores Sysmon's event log. Kibana provides a user interface for Sysmon's event log analysis. The following functions are implemented as Kibana plugin: Visualizes Function - visualizes Sysmon's event logs to illustrate correlation of processes and networks. Statistical Function - collects the statistics of each device or Sysmon's event ID. Monitor Function - monitors incoming logs based on preconfigured rules and triggers alerts. StixIoC server allows adding search/monitor conditions by uploading STIX/IOC files. From StixIoC server Web UI, you can upload STIXv1, STIXv2, and OpenIOC format files. To try SysmonSearch, you can either install software to your own Linux environment with the provided instructions or use the Docker image. For more details, please refer to the SysmonSearch wiki documentation.

FEATURES

EXPLORE BY TAGS

Sysmon

Elasticsearch

Kibana

Event Log Analysis

SIMILAR TOOLS

Elastic Logo
Elastic

Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.

Free
SIEM
LastActivityView Logo
LastActivityView

A tool that collects and displays user activity and system events on a Windows system.

Free
SIEM
Zircolite Logo
Zircolite

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

Free
SIEM
Sysdig Logo
Sysdig

Sysdig is a system visibility tool with native container support.

Free
SIEM
Splunk Security Content Logo
Splunk Security Content

Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.

Free
SIEM
LogonTracer Logo
LogonTracer

Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.

Free
SIEM
LogRhythm Axon Logo
LogRhythm Axon

A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.

Commercial
SIEM
RedELK Logo
RedELK

RedELK enhances Red Team operations with SIEM capabilities to monitor and alert on Blue Team activities.

Free
SIEM
GrokEVT Logo
GrokEVT

GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.

Free
SIEM

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy