Biapy's Bookmarks

sysmon

Sysmon for Linux

https://github.com/microsoft/SysmonForLinux

Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your network. Sysmon for Linux is part of Sysinternals.

foss linux microsoft monitoring open-source sysmon

Added 8 months ago

Zircolite

https://github.com/wagga40/Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs.

Comment effectuer une investigation numérique sur les journaux d’évènements Windows avec Zircolite ? @ IT-Connect :fr:.

auditd command-line evtx linux open-source security sigma sysmon

Added 1 year ago