olafhartong/sysmon-parser

Stars
10
Rank 1,755,626 (Top 36 %)
Language
PowerShell
Created over 1 year ago
Updated 5 months ago

olafhartong/sysmon-parser

olafhartong

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Automatically generated Sysmon parser for Azure Sentinel

sysmon-modular

A repository of sysmon configuration modules

ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

sysmon-cheatsheet

All sysmon event types and their fields explained

ATTACKdatamap

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

MDE-AuditCheck

MDE relies on some of the Audit settings to be enabled

Presentations

My conference presentations

detection-sources

DefenderHarvester

Expose a lot of MDE telemetry that is not easily accessible in any searchable form

TA-Sysmon-deploy

Deploy and maintain Symon through the Splunk Deployment Sever

WDACme

A WDAC configuration repository with the sole intention of enriching MDE

parsoalto

Palo Alto Networks Rule Parser

Sentinel-template-parser

Azure Sentinel Template parser

SA-Threat-Hunting

Splunk app for Threat hunting

sysmon-modular-linux

A repository of Sysmon For Linux configuration modules

unfetter-discover

Unfetter-Discover Vagrant script for the Unfetter-Discover docker release

scripts

just random simple scripts

disposable-windows

A packer project to quickly have a test / dev / IR box

olafhartong

Clear-dminline

After migrating a Cisco ASA config to a Palo Alto config you remain with all these horrible DMINLINE objects, this tool resolves all members and replaces the ogroup object by its members

BHCEupload

A small go tool to upload JSON files to the BloodHound community edition API