Main Sigma Rule Repository
-
Updated
May 6, 2026 - Python
#
sysmon
Here are 49 public repositories matching this topic...
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
Updated
Jan 12, 2026 - Python
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
detection logs python3 forensics dfir sysmon auditd sigma evtx sigma-rules dfir-automation forensics-tools pysigma dfir-tools evtxtract
-
Updated
Apr 6, 2026 - Python
戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
-
Updated
Oct 25, 2023 - Python
Endpoint detection & Malware analysis software
-
Updated
Dec 20, 2019 - Python
Consolidation of various resources related to Microsoft Sysmon & sample data/log
-
Updated
Sep 20, 2021 - Python
ThreatSeeker: Threat Hunting via Windows Event Logs
-
Updated
May 16, 2023 - Python
Import and export custom Sysmon configurations using an interactive GUI that lets you build event rules, manage filters, and generate clean XML configs without manually editing Sysmon files.
-
Updated
Mar 10, 2026 - Python
System Processes Correlation Engine
-
Updated
Jan 2, 2024 - Python
A log-based Threat Hunting tool
-
Updated
Dec 27, 2022 - Python
Utility to convert SysInternals' Sysmon binary configuration to XML
-
Updated
Dec 3, 2023 - Python
Malware sandbox for automated PE/ELF analysis with EDR integration and behavioral monitoring. Open-source alternative to CAPE sandbox.
sandbox reverse-engineering sysmon malware-analysis avira trend kaspersky mcafee cape eset windows-defender threat-detection windows-security behavioral-analysis pe-analysis elf-analysis
-
Updated
Oct 27, 2025 - Python
This is actually a follow-up to "Mapping-Sysmonlogs-to-ATTACK". After you obtain the "syslog.csv" through program in that repository, you can convert the log into a graph structure with relations through this program
-
Updated
Apr 25, 2023 - Python
Extract logs based off events from sysmon. Comes as a package, cli and ui.
-
Updated
May 22, 2020 - Python
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
incident-response dfir cybersecurity openai wireshark sysmon siem malware-analysis risk-assessment kali-linux iso27001 threat-intelligence microsoft-azure sora defender-for-endpoint microsoft-sentinel any-run kql-threathunting
-
Updated
Jan 4, 2026 - Python
Machine-learning-based Sysmon host telemetry analysis with DistilBERT and explainability (SHAP, LIME, Ablation, Permutation Importance).
nlp machine-learning transformers cybersecurity sysmon lime explainable-ai threat-detection shap windows-security distilbert
-
Updated
Dec 1, 2025 - Python
POC framework for detecting LOLBin abuse in Sysmon logs using Splunk SPL. Implements 12 layered checks (signature matching, parent-child anomalies, threat intel, statistical baselines) with risk scoring for automated alert prioritization. Supports standalone Splunk or distributed n8n architecture.
splunk cybersecurity sysmon siem soar detection-rules mitre-attack threat-detection lolbins n8n lotl
-
Updated
Dec 2, 2025 - Python
Cloud security labs: DFIR, detection engineering, and SecOps across Azure Sentinel, AWS GuardDuty, and Entra ID
terraform incident-response dfir sysmon digital-forensics cloud-security threat-detection guardduty kql detection-engineering kusto-query-language microsoft-sentinel entra-id aws-secruity
-
Updated
Apr 29, 2026 - Python
Utilities for working with and testing Sysmon configs against Windows Event Logs
-
Updated
Jul 21, 2023 - Python
Improve this page
Add a description, image, and links to the sysmon topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sysmon topic, visit your repo's landing page and select "manage topics."