Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SwiftOnSecurity/sysmon-config issues and pull requests
#85 - Bugfix: SecurityProvider reg key
Pull Request -
State: closed - Opened by keepwatch over 5 years ago
- 2 comments
#84 - Related process tree - have you any idea?
Issue -
State: open - Opened by kont45 over 5 years ago
#83 - DestinationIp conditioned?
Issue -
State: open - Opened by alchy over 5 years ago
#82 - added loopback address to networkconnect exclusions
Pull Request -
State: closed - Opened by itpropaul over 5 years ago
#81 - Event IDs with both Include and Exclude Filters
Issue -
State: open - Opened by itpropaul over 5 years ago
- 6 comments
#80 - Evasion Technique Enhancements
Issue -
State: open - Opened by trustedsec over 5 years ago
#79 - DNSQuery EID not found in event viewer
Issue -
State: open - Opened by weiofcn over 5 years ago
- 5 comments
#78 - typo fix: unexplanable > unexplainable
Pull Request -
State: closed - Opened by itpropaul over 5 years ago
#77 - type fix unexplanable
Pull Request -
State: closed - Opened by itpropaul over 5 years ago
#76 - FileCreate: match ".dmp" files
Pull Request -
State: closed - Opened by simsor over 5 years ago
#75 - Update sysmonconfig-export.xml
Pull Request -
State: closed - Opened by dstaulcu over 5 years ago
#74 - Issues with CommandLine conditions "Testing Line Dllhost.exe exclusion"
Issue -
State: open - Opened by johnyb0312 over 5 years ago
- 5 comments
#73 - sysmonconfig-export.xml - Possible error in IMAP port
Issue -
State: closed - Opened by fabamatic over 5 years ago
- 1 comment
#72 - Missing LICENSE file
Issue -
State: open - Opened by JonZeolla over 5 years ago
#71 - Fixed IMAP port
Pull Request -
State: closed - Opened by esecrpm almost 6 years ago
- 1 comment
#70 - Sysmon export logs to CSV | JSON | XML
Issue -
State: closed - Opened by kont45 almost 6 years ago
- 11 comments
#69 - Tracking SMB connections from the client?
Issue -
State: closed - Opened by hkelley about 6 years ago
- 2 comments
#68 - Wmi Events Log Generation
Issue -
State: closed - Opened by nterl0k about 6 years ago
- 1 comment
#67 - Incorrect Registry Location for WDigest Vuln
Issue -
State: closed - Opened by twingbat about 6 years ago
- 1 comment
#66 - Update IMAP-port in sysmonconfig-export.xml
Pull Request -
State: closed - Opened by martboo about 6 years ago
- 1 comment
#65 - Rename fixes
Pull Request -
State: closed - Opened by ryanku98 over 6 years ago
#64 - Typo with rtf
Issue -
State: closed - Opened by polylogyx over 6 years ago
- 2 comments
#63 - Additional exclusions, corrected some capitalization issues
Pull Request -
State: closed - Opened by ryanku98 over 6 years ago
#62 - Bug with FileCreate and Box Drive
Issue -
State: closed - Opened by mhale1982 over 6 years ago
- 1 comment
#61 - Sysmon Event ID 10 "Process accessed" not filtering
Issue -
State: closed - Opened by rmfatemi over 6 years ago
- 3 comments
#60 - Suggested exclusions for Win10
Pull Request -
State: closed - Opened by davidbernalm over 6 years ago
#59 - Change IMAP port to the correct one
Pull Request -
State: closed - Opened by paalbra over 6 years ago
- 1 comment
#58 - RTF File Creation Typo
Issue -
State: closed - Opened by p1sc3s over 6 years ago
- 1 comment
#57 - Others minifilters - some logs are not saved by Sysmon
Issue -
State: closed - Opened by kont45 over 6 years ago
- 2 comments
#56 - Possible Config Issue on Win10
Issue -
State: closed - Opened by robsmallridge over 6 years ago
- 3 comments
#55 - Resilio Sync
Pull Request -
State: closed - Opened by mubix over 6 years ago
- 1 comment
#54 - Blizzard Agent
Pull Request -
State: closed - Opened by mubix over 6 years ago
- 2 comments
#53 - Micro-improvements to monitored scenarios
Pull Request -
State: closed - Opened by threathunting over 6 years ago
- 1 comment
#52 - WmiEvent onmatch error installing
Issue -
State: closed - Opened by malwareandme almost 7 years ago
#51 - having Zone identifier appended to the file name
Issue -
State: closed - Opened by anelshaer almost 7 years ago
- 1 comment
#50 - Corrected typo for RTF extension
Pull Request -
State: closed - Opened by kronflux almost 7 years ago
#49 - Typo on rtf file extension on line 476
Issue -
State: closed - Opened by mcwidg3t almost 7 years ago
- 2 comments
#48 - Fixed .rtf (was .rft)
Pull Request -
State: closed - Opened by al45tair almost 7 years ago
#47 - Update to Sysmon 7.x schema version
Pull Request -
State: closed - Opened by cxxr almost 7 years ago
#46 - Creating a Dummy process Image to test hashes in ELK (ID7)
Issue -
State: closed - Opened by coolbluemoon34 almost 7 years ago
- 1 comment
#45 - Sysmon v7 requires schema version update.
Issue -
State: closed - Opened by kyhwana almost 7 years ago
- 1 comment
#44 - SecurityProviders
Issue -
State: closed - Opened by wolf0x almost 7 years ago
- 1 comment
#43 - Error with Sysmon v6.20 DTD prohibited
Issue -
State: closed - Opened by ghost almost 7 years ago
- 9 comments
#42 - typo fixes
Pull Request -
State: closed - Opened by Green-m about 7 years ago
#41 - Info sec serenity mc afee exceptions
Pull Request -
State: closed - Opened by InfoSecSerenity about 7 years ago
- 1 comment
#40 - Add Windows Trust registry keys to log
Pull Request -
State: open - Opened by mdunten about 7 years ago
#39 - Rename patch-3 back to sysmonconfig-export.xml
Pull Request -
State: closed - Opened by allykzam about 7 years ago
- 1 comment
#38 - added 2 registry persistence methods
Pull Request -
State: closed - Opened by SwiftOnSecurity about 7 years ago
#37 - added fltmc.exe detection, minifilter driver mngr
Pull Request -
State: closed - Opened by olafhartong about 7 years ago
#36 - added 2 registry persistence methods
Pull Request -
State: closed - Opened by olafhartong about 7 years ago
#35 - adding Splunk and Splunk UF exclusions
Pull Request -
State: closed - Opened by olafhartong about 7 years ago
- 1 comment
#34 - errors in config
Issue -
State: closed - Opened by johnmccash about 7 years ago
#33 - MITRE ATT&CK Persistence detections
Issue -
State: closed - Opened by vector-sec about 7 years ago
#32 - Add ProcessAccess rules
Pull Request -
State: closed - Opened by Green-m over 7 years ago
#31 - Added 2 TargetFilenames
Pull Request -
State: closed - Opened by olafhartong over 7 years ago
#30 - typo fixes
Pull Request -
State: closed - Opened by weslambert over 7 years ago
- 1 comment
#29 - fix "uninsteresting" typo
Pull Request -
State: closed - Opened by dougburks over 7 years ago
#28 - fix "proyx" typo
Pull Request -
State: closed - Opened by dougburks over 7 years ago
#27 - When is it an AND and when is it an OR ?
Issue -
State: closed - Opened by KaptainKool over 7 years ago
- 2 comments
#26 - some ideas
Pull Request -
State: closed - Opened by ceramicskate0 over 7 years ago
#25 - Other persistence methods - SHIM, ServerLevelPluginDll
Pull Request -
State: closed - Opened by Neo23x0 over 7 years ago
- 1 comment
#24 - Sysmon Event ID 7 : DLL (IMAGE) LOADED BY PROCESS not filtering
Issue -
State: closed - Opened by jrwalzer over 7 years ago
- 6 comments
#23 - Error: Incorrect XML configuration: sysmonconfig-export.xml
Issue -
State: closed - Opened by Chickenfoster over 7 years ago
- 2 comments
#22 - Merge pull request #1 from SwiftOnSecurity/master
Pull Request -
State: closed - Opened by vector-sec over 7 years ago
- 1 comment
#21 - TargetObject "HKLM\..." with condition "end with"
Issue -
State: closed - Opened by ManfMert over 7 years ago
- 1 comment
#20 - Removed duplicate, added new network rules
Pull Request -
State: closed - Opened by Neo23x0 over 7 years ago
- 1 comment
#19 - Added powershell.exe network event monitoring
Pull Request -
State: closed - Opened by Neo23x0 over 7 years ago
#18 - Image exclusion is not working for FileCreate
Issue -
State: closed - Opened by PetrPoleshko over 7 years ago
- 3 comments
#17 - test
Pull Request -
State: closed - Opened by SwiftOnSecurity over 7 years ago
#16 - Creating pull to review changes, will not be merging automatically
Pull Request -
State: closed - Opened by SwiftOnSecurity over 7 years ago
#15 - Exclude Dashlane
Pull Request -
State: closed - Opened by NotAwful over 7 years ago
#14 - NetworkConnect Exclusion Recommendation
Issue -
State: closed - Opened by vector-sec over 7 years ago
- 1 comment
#13 - Review destination hostname filters
Issue -
State: closed - Opened by SwiftOnSecurity over 7 years ago
#12 - Powershell without Powershell Filters
Issue -
State: closed - Opened by ion-storm over 7 years ago
- 2 comments
#11 - NetworkConnect Recommendation
Issue -
State: closed - Opened by vector-sec over 7 years ago
- 3 comments
#10 - ipadress.com isn't malicious ipaddress.com is
Pull Request -
State: closed - Opened by dweee over 7 years ago
#9 - Monitor network traffic to dynamic DNS domains
Issue -
State: closed - Opened by daniel-gallagher over 7 years ago
- 2 comments
Labels: enhancement
#8 - excluded splunk in event id 1
Pull Request -
State: closed - Opened by olafhartong over 7 years ago
#7 - Minor typo
Pull Request -
State: closed - Opened by rmanly over 7 years ago
#6 - Typo?
Issue -
State: closed - Opened by torgro over 7 years ago
- 1 comment
#5 - Dropbox Updater
Issue -
State: closed - Opened by Darkbat91 almost 8 years ago
- 3 comments
Labels: enhancement
#4 - Include .cmd files which can also be used by batch scripts
Pull Request -
State: closed - Opened by Phorofor almost 8 years ago
#3 - Extra semicolons prevent config import
Pull Request -
State: closed - Opened by mmazanec almost 8 years ago
#2 - close comments in McAfee Image section
Pull Request -
State: closed - Opened by rpunt almost 8 years ago
#1 - Addition of McAfee and Firefox
Pull Request -
State: closed - Opened by Darkbat91 almost 8 years ago