Skip to content
/ noisy-sysmon Public

A very noisy (i.e. not for production use) Microsoft Sysmon configuration file that includes "name" metadata for every event.

License

Apache-2.0 license
4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

daveherrald/noisy-sysmon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
noisy-sysmon.xml
noisy-sysmon.xml
 
 

Repository files navigation

Noisy Sysmon Config

Here is a purposefully noisy Microsoft Sysmon configuration file which includes rule name metadata in every event. This should be useful for lab testing; in fact I created it specifically for testing the Splunk Technology Add-on for Sysmon. It uses version 4.1 of the Sysmon configuration schema and obviously requires Sysmon v8.0 or above.

This config IS NOT appropriate for production use. Use Swift on Security's Config (or a derivative of it) for that. Also, I borrowed comments from the SwiftOnSecurity config for use as the rule name metadata here.

Bring the noise!

About

A very noisy (i.e. not for production use) Microsoft Sysmon configuration file that includes "name" metadata for every event.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published