Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / SwiftOnSecurity/sysmon-config issues and pull requests

#194 - Is this config now abandoned?

Issue - State: open - Opened by IKBBangor 3 months ago

#193 - Loldrivers extension

Pull Request - State: open - Opened by khulnasoft-bot 4 months ago

#192 - Where are Windows Event ID???

Issue - State: open - Opened by piExpr 5 months ago - 1 comment

#191 - LSA Credential Guard

Issue - State: open - Opened by piExpr 5 months ago

#189 - Can help show me the code how to sysmon use eventID 23, 26 ?

Issue - State: open - Opened by sokvathana 10 months ago - 1 comment

#188 - sysmon erroneous sysmon not installed error

Issue - State: open - Opened by snsdevelopment2 over 1 year ago

#187 - Add overview documentation for Sysmon configuration

Pull Request - State: closed - Opened by ghost over 1 year ago

#186 - Patch FileCreate include - Capture .xsl instead of .xls

Pull Request - State: closed - Opened by ghost over 1 year ago

#185 - Sysmon Installation Issue - wevtutil.exe returned failure

Issue - State: open - Opened by FleetwoodBat over 1 year ago - 2 comments

#183 - Sysmon v15.0 & 29 Events

Issue - State: open - Opened by Achi79 over 1 year ago - 2 comments

#182 - Loldrivers extension

Pull Request - State: closed - Opened by Neo23x0 over 1 year ago - 1 comment

#181 - Incorrect XML Configuration - Sysmon 14.16

Issue - State: open - Opened by eastcoastnjdc over 1 year ago

#180 - Accept EULA cannot combine with loading a config

Pull Request - State: open - Opened by HenkPoley over 1 year ago - 1 comment

#179 - Line 239 registry formatting

Pull Request - State: open - Opened by kevinelwell over 1 year ago

#178 - 28 Event ID...

Issue - State: open - Opened by Achi79 over 1 year ago - 1 comment

#177 - Event 22 DNS Query issue - not generating event from browsers

Issue - State: open - Opened by patzak88 almost 2 years ago - 12 comments

#176 - Add pwsh.exe to list of suspicious Windows tools

Pull Request - State: open - Opened by connorcarnes almost 2 years ago

#175 - Sysmon 14.13: Crash with sysmon-config on Windows 2012 R2

Issue - State: closed - Opened by cmengle-ipc almost 2 years ago - 1 comment

#174 - Added Installscript

Pull Request - State: open - Opened by bytew0lf almost 2 years ago

#173 - Include vs Exclude precedence

Issue - State: closed - Opened by ag-michael almost 2 years ago - 1 comment

#172 - Fix few bugs

Pull Request - State: closed - Opened by jatgh about 2 years ago

#170 - Many errors when install

Pull Request - State: open - Opened by MrAndrii about 2 years ago - 1 comment

#169 - Capturing deleted files

Issue - State: open - Opened by harryray33 about 2 years ago

#168 - Outdated link inside the sysmon-config

Issue - State: open - Opened by mab0189 over 2 years ago - 1 comment

#167 - Event 22 not generating

Issue - State: closed - Opened by cyberminded over 2 years ago - 1 comment

#166 - Event Id 10 not being generated

Issue - State: open - Opened by neverkknown over 2 years ago - 1 comment

#165 - Sysmon for Linux

Issue - State: open - Opened by reuvygroovy over 2 years ago - 3 comments

#164 - Add some "TargetFilename" in "SYSMON EVENT ID 15" section

Pull Request - State: open - Opened by matcha-shake over 2 years ago

#162 - Parser error with Sysmon v13.32 installation/configuration

Issue - State: open - Opened by j8ter almost 3 years ago

#161 - About powershell cmdlet module

Issue - State: open - Opened by fullzlop about 3 years ago

#160 - Update the Antivirus Tampering configuration, using general condition

Pull Request - State: open - Opened by hieuttmmo about 3 years ago - 1 comment

#159 - test

Pull Request - State: open - Opened by w09rkerbee about 3 years ago - 1 comment

#158 - Installed sysmon cannot see any event logs

Issue - State: closed - Opened by zhex900 about 3 years ago - 1 comment

#157 - Detect AV exclusions made in Policy Key

Pull Request - State: closed - Opened by f-bader over 3 years ago

#156 - Add Splunk exclusions per sysmon-modular

Pull Request - State: open - Opened by DustyMMiller over 3 years ago - 1 comment

#155 - Registry key to detect definitions of Windows Defender Exclusions

Pull Request - State: open - Opened by phantinuss over 3 years ago

#154 - Outlook Webview URL changes

Pull Request - State: open - Opened by humpalum over 3 years ago

#153 - Event id 26

Pull Request - State: closed - Opened by Richman711 over 3 years ago

#152 - EVENT ID 23 example typo

Issue - State: closed - Opened by Richman711 over 3 years ago

#151 - Important and relevant NamedPipe names

Pull Request - State: closed - Opened by Neo23x0 over 3 years ago - 6 comments

#150 - Added named pipe used by Cobalt Strike

Pull Request - State: open - Opened by WojciechLesicki over 3 years ago

#149 - Fix FileDelete example.

Pull Request - State: open - Opened by sigalpes over 3 years ago

#148 - Add exclusion for WUDFHost.exe to Event 11

Pull Request - State: open - Opened by lord-garmadon over 3 years ago

#147 - Corrected event name for Event ID 23

Pull Request - State: open - Opened by lord-garmadon over 3 years ago

#146 - Monitor for .js files for Microsoft JScript

Pull Request - State: open - Opened by KevinDeNotariis over 3 years ago

#145 - Added WinRM ports and Service names

Pull Request - State: open - Opened by tobor88 over 3 years ago

#144 - Add ASP files for webshells

Pull Request - State: open - Opened by GossiTheDog over 3 years ago

#143 - Update NetworkConnect rule to fix Metasploit default port

Pull Request - State: open - Opened by brokenvhs over 3 years ago

#142 - Wrong Port for Metasploit in NetworkConnect Rule

Issue - State: open - Opened by brokenvhs over 3 years ago - 1 comment

#141 - DNS Query - Exclude hostname resolution on localhost - EventID 22

Issue - State: closed - Opened by ivicaagatunovic over 3 years ago - 1 comment

#140 - Ransomware artifacts added to File Creation config

Pull Request - State: open - Opened by sduff over 3 years ago - 2 comments

#139 - SANS Commandline browser

Issue - State: open - Opened by ChrisM65 over 3 years ago

#138 - Duplicate entry

Issue - State: open - Opened by ChrisM65 over 3 years ago

#137 - pullFromSoS210121

Pull Request - State: closed - Opened by 8u8 almost 4 years ago

#136 - Crash: Sysmon v13.00 + sysmonconfig-export.xml

Issue - State: open - Opened by BeanBagKing almost 4 years ago - 5 comments

#135 - Sysmon de-installed. Still many EventID 1001, APPCRASH Sysmon64.exe (every 20 sec)

Issue - State: open - Opened by Wim277 almost 4 years ago - 4 comments

#134 - RE: sysmonconfig-export.xml

Issue - State: open - Opened by zabboto almost 4 years ago - 1 comment

#133 - Adding GrantedAccess filter for catching credential dump.

Issue - State: open - Opened by deftoner almost 4 years ago

#132 - update configuration

Issue - State: open - Opened by Achi79 almost 4 years ago - 1 comment

#131 - Sysmon performance issues

Issue - State: closed - Opened by Cappucinoes about 4 years ago - 3 comments

#130 - MiniNT registry key check

Pull Request - State: open - Opened by ThisIsNotTheUserYouAreLookingFor about 4 years ago - 2 comments

#129 - Sysmon installation issue

Issue - State: open - Opened by MarkAndreson about 4 years ago - 1 comment

#128 - Update Q3 2020

Pull Request - State: closed - Opened by axi0m about 4 years ago

#127 - Configuring EventId 15 for exe and dll files

Issue - State: open - Opened by joydragon about 4 years ago

#126 - File updated - Sysmon Event ID

Issue - State: open - Opened by kont45 over 4 years ago - 1 comment

#125 - ProxyEnable Setting in Registry

Pull Request - State: closed - Opened by Neo23x0 over 4 years ago

#124 - join with new version

Issue - State: closed - Opened by y0d4a over 4 years ago

#123 - Edge is out of Dev

Issue - State: open - Opened by neildotwilliams over 4 years ago

#121 - EventID 15: FileCreateStreamHash recording N times in eventviewer

Issue - State: open - Opened by Yuvraj-Takey over 4 years ago - 3 comments

#120 - Added logging for Outbound SMB Traffic.

Pull Request - State: closed - Opened by d4rk-d4nph3 over 4 years ago - 1 comment

#119 - Added Consent Store to included registry paths

Pull Request - State: closed - Opened by svch0stz over 4 years ago

#118 - Added detection for CVE-2017-0199 and CVE-2017-8759.

Pull Request - State: open - Opened by d4rk-d4nph3 over 4 years ago - 2 comments

#117 - No Sysmon Event ID 1 events are being logged

Issue - State: open - Opened by lindonzoo over 4 years ago - 3 comments

#116 - Didn't install with -n parameters.

Issue - State: open - Opened by slavaNBA over 4 years ago - 4 comments

#113 - Delete 'z-AlphaVersion.xml'-related text and link

Pull Request - State: closed - Opened by wikijm over 4 years ago - 1 comment

#111 - Wrong Metasploit default port on sysmon-config > Alert,Metasploit

Issue - State: open - Opened by snake-jump over 4 years ago - 1 comment

#106 - Added most of the missing LOLBAS for downloading executables

Pull Request - State: closed - Opened by MaxNad almost 5 years ago - 1 comment

#105 - Change Metasploit Alert port from 444 to 4444

Pull Request - State: closed - Opened by ION28 almost 5 years ago - 3 comments

#102 - Fixed wdigest registry path

Pull Request - State: closed - Opened by qz8xTD almost 5 years ago - 1 comment

#101 - Include Imphash

Pull Request - State: closed - Opened by Neo23x0 almost 5 years ago - 4 comments

#100 - unnecessary shout out to Alpha version for DNS logging

Pull Request - State: closed - Opened by itpropaul almost 5 years ago - 1 comment

#99 - templating for easier maintaining

Issue - State: open - Opened by brettowe almost 5 years ago - 2 comments

#98 - Add scripting filename targets

Pull Request - State: closed - Opened by bartblaze almost 5 years ago - 1 comment

#97 - Included some of the entries from PR to sysmonconfig-export.xml

Pull Request - State: closed - Opened by cudeso about 5 years ago - 1 comment

#96 - Possible Typo - Line 509

Issue - State: closed - Opened by mc22catch about 5 years ago - 1 comment

#95 - IMAP port typo error

Issue - State: open - Opened by zulik about 5 years ago - 1 comment

#94 - The description for Event ID 1 from source Microsoft-Windows-Sysmon cannot be found

Issue - State: open - Opened by rdf6 about 5 years ago - 2 comments

#93 - Event 10 ProcessAccess - CPU Load

Issue - State: closed - Opened by gamble3 about 5 years ago - 1 comment

#92 - Keyboard Layout Load

Pull Request - State: closed - Opened by Neo23x0 about 5 years ago - 2 comments

#91 - Newer versions of sysmon z-alphaversion

Issue - State: open - Opened by iboje about 5 years ago - 1 comment

#90 - z-AlphaVersion.xml broken on Sysmon 10.4?

Issue - State: closed - Opened by thefunch about 5 years ago - 2 comments

#89 - DNS Logging from Domain Controller/DNS Server

Issue - State: open - Opened by rbonfadini over 5 years ago - 4 comments

#88 - DNS Logging

Issue - State: open - Opened by svenso over 5 years ago

#87 - Rule Group Inclusion & Exclusion

Issue - State: closed - Opened by mtrog over 5 years ago - 1 comment

#86 - fixed typo in RecycleBin network rule

Pull Request - State: closed - Opened by tomx4096 over 5 years ago