SwiftOnSecurity sysmon-config issues

SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

4.74k stars 1.7k forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

SecurityProviders

#44 wolf0x closed 5 years ago
1
Error with Sysmon v6.20 DTD prohibited

#43 ghost closed 5 years ago
9
typo fixes

#42 Green-m closed 5 years ago
0
Info sec serenity mc afee exceptions

#41 InfoSecSerenity closed 6 years ago
1
Add Windows Trust registry keys to log

#40 mdunten opened 6 years ago
0
Rename patch-3 back to sysmonconfig-export.xml

#39 allykzam closed 7 years ago
1
added 2 registry persistence methods

#38 SwiftOnSecurity closed 7 years ago
0
added fltmc.exe detection, minifilter driver mngr

#37 olafhartong closed 7 years ago
0
added 2 registry persistence methods

#36 olafhartong closed 7 years ago
0
adding Splunk and Splunk UF exclusions

#35 olafhartong closed 6 years ago
1
errors in config

#34 johnmccash closed 5 years ago
0
MITRE ATT&CK Persistence detections

#33 vector-sec closed 7 years ago
0
Add ProcessAccess rules

#32 Green-m closed 6 years ago
0
Added 2 TargetFilenames

#31 olafhartong closed 7 years ago
0
typo fixes

#30 weslambert closed 2 years ago
1
fix "uninsteresting" typo

#29 dougburks closed 7 years ago
0
fix "proyx" typo

#28 dougburks closed 7 years ago
0
When is it an AND and when is it an OR ?

#27 KaptainKool closed 5 years ago
2
some ideas

#26 ceramicskate0 closed 6 years ago
0
Other persistence methods - SHIM, ServerLevelPluginDll

#25 Neo23x0 closed 3 years ago
1
Sysmon Event ID 7 : DLL (IMAGE) LOADED BY PROCESS not filtering

#24 jrwalzer closed 7 years ago
6
Error: Incorrect XML configuration: sysmonconfig-export.xml

#23 Chickenfoster closed 7 years ago
2
Merge pull request #1 from SwiftOnSecurity/master

#22 vector-sec closed 7 years ago
1
TargetObect "HKLM\..." with condition"end with"

#21 ManfMert closed 7 years ago
1
Removed duplicate, added new network rules

#20 Neo23x0 closed 7 years ago
1
Added powershell.exe network event monitoring

#19 Neo23x0 closed 7 years ago
0
Image exclusion is not working for FileCreate

#18 PetrPoleshko closed 7 years ago
3
test

#17 SwiftOnSecurity closed 7 years ago
0
Creating pull to review changes, will not be merging automatically

#16 SwiftOnSecurity closed 7 years ago
0
Exclude Dashlane

#15 NotAwful closed 7 years ago
0
NetworkConnect Exclusion Recommendation

#14 vector-sec closed 5 years ago
1
Review destination hostname filters

#13 SwiftOnSecurity closed 7 years ago
0
Powershell without Powershell Filters

#12 ion-storm closed 7 years ago
2
NetworkConnect Recommendation

#11 vector-sec closed 7 years ago
3
ipadress.com isnt malicious ipaddress.com is

#10 dweee closed 7 years ago
0
Monitor network traffic to dynamic DNS domains

#9 daniel-gallagher closed 7 years ago
2
excluded splunk in event id 1

#8 olafhartong closed 7 years ago
0
Minor typo

#7 rmanly closed 7 years ago
0
Typo?

#6 torgro closed 7 years ago
1
Dropbox Updater

#5 Darkbat91 closed 7 years ago
3
Include .cmd files which can also be used by batch scripts

#4 Phorofor closed 7 years ago
0
Extra semicolons prevent config import

#3 mmazanec closed 7 years ago
0
close comments in McAfee Image section

#2 rpunt closed 7 years ago
0
Addition of McAfee and Firefox

#1 Darkbat91 closed 7 years ago
0