Skip to content

SCS-Labs/ossec-sysmon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

150 Commits
mapping
mapping
 
 
response-scripts
response-scripts
 
 
0331-sysmon_rules.xml
0331-sysmon_rules.xml
 
 
0332-credential_access_rules.xml
0332-credential_access_rules.xml
 
 
0802-sysmon-supplement.xml
0802-sysmon-supplement.xml
 
 
0803-wmic_malicious_rules.xml
0803-wmic_malicious_rules.xml
 
 
0804-defender_bypass.xml
0804-defender_bypass.xml
 
 
0805-v10-sysmon-modular_rules.xml
0805-v10-sysmon-modular_rules.xml
 
 
0806-priv_esc_rules.xml
0806-priv_esc_rules.xml
 
 
0807-persistence_rules.xml
0807-persistence_rules.xml
 
 
0808-defense_evasion_rules.xml
0808-defense_evasion_rules.xml
 
 
0809-execution_rules.xml
0809-execution_rules.xml
 
 
0810-command_and_control_rules.xml
0810-command_and_control_rules.xml
 
 
0811-log_collection_rules.xml
0811-log_collection_rules.xml
 
 
0812-lateral_movement.xml
0812-lateral_movement.xml
 
 
README.md
README.md
 
 
generate-config.sh
generate-config.sh
 
 
install-rules.sh
install-rules.sh
 
 
local_rules.xml
local_rules.xml
 
 
osquery.conf
osquery.conf
 
 
sysmonconfig-05-16-20.xml
sysmonconfig-05-16-20.xml
 
 
sysmonconfig-06-24-20.xml
sysmonconfig-06-24-20.xml
 
 
sysmonconfig.xml
sysmonconfig.xml
 
 
windows-agent.conf
windows-agent.conf
 
 

Repository files navigation

ossec-sysmon

A Ruleset to enhance detection capabilities of Ossec using Sysmon

See the following post to see how this ruleset can help you detect Emotet and other malicious document malware.

https://laskowski-tech.com/2018/11/28/detecting-emotet-and-other-downloader-malware-with-ossec-wazuh/

Mapping

The 0805-sysmon-modular rules map to the Sysmon configuration by olafhartong and are tagged to the MITRE ATT&CK framework. You can find that at the following link.

https://github.com/olafhartong/sysmon-modular

About

A Ruleset to enhance detection capabilities of Ossec using Sysmon

laskowski-tech.com/2018/11/28/detecting-emotet-and-other-downloader-malware-with-ossec-wazuh/

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 51.0%
  • Shell 49.0%