- Named Panache (see refreshing photo below) because it's a mix of a lot of APT reports, tested hacking tools, analyzed malware, blog posts and the MITRE ATT&CK framework.
- Sysmon schemaversion "4.1"
- Main_Template.xml contains the configuration for the less noisy Sysmon event categories (e.g. WMI EventSubscription) and can be merged with any of the other event-specific configuration files (e.g. merge Main_Template.xml with ProcessCreate_config.xml to monitor process creation only).
- The Panache config covers more than 150 different attack techniques (including advanced ones) and also logs the important, must-have events that can be processed at the SIEM end.
- Example evtx files produced by testing Panache_Sysmon can be found in the ATT&CK EVTX repository (i.e. already tested against the Red Canary Atomic Red Team automated testing framework).
- Remember, the exclude configuration section always depends on your own environment (so make sure to add any observed false positives to it).
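As an added example (not a file from the Panache_Sysmon repository), the Python script below shows the merge step described above for a schemaversion 4.1 config, plus the site-specific exclude step: the two XML strings are constructed stand-ins for Main_Template.xml and ProcessCreate_config.xml, and the helper names (`merge_sysmon_configs`, `add_exclusion`, `filter_summary`) are this example's own. Because Sysmon accepts only one include and one exclude filter per event type, the merge folds rule bodies from all input files into a single RuleGroup per (event type, onmatch) pair instead of simply concatenating the files.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for Main_Template.xml: global options plus a low-noise
# event category (WMI event subscriptions) logged without any exclusions.
MAIN_TEMPLATE = r"""<Sysmon schemaversion="4.1">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <WmiEvent onmatch="exclude"/>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""

# Constructed stand-in for ProcessCreate_config.xml (Sysmon Event ID 1):
# one include rule (child processes of Word) and one exclude rule.
PROCESS_CREATE = r"""<Sysmon schemaversion="4.1">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <ParentImage condition="end with">\winword.exe</ParentImage>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\conhost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""


def merge_sysmon_configs(*xml_texts):
    """Return one <Sysmon> element combining the given config documents.

    The first document supplies the root and its global options. Rules from
    all documents are folded into one RuleGroup per (event type, onmatch),
    since Sysmon allows only one include and one exclude filter per event
    type. Only groupRelation="or" groups (the default) are folded; an "and"
    group would change meaning if merged, so it is rejected.
    """
    roots = [ET.fromstring(text) for text in xml_texts]
    base = roots[0]
    version = base.get("schemaversion")
    folded = {}  # (event type, onmatch) -> rule elements, insertion-ordered

    for root in roots:
        if root.get("schemaversion") != version:
            raise ValueError("schemaversion mismatch: %s vs %s"
                             % (version, root.get("schemaversion")))
        filtering = root.find("EventFiltering")
        if filtering is None:
            continue
        for child in filtering:
            if child.tag == "RuleGroup":
                if child.get("groupRelation", "or") != "or":
                    raise ValueError("cannot fold a groupRelation='and' RuleGroup")
                event_filters = list(child)
            else:  # event filter placed directly under <EventFiltering>
                event_filters = [child]
            for event_filter in event_filters:
                onmatch = event_filter.get("onmatch")
                if onmatch not in ("include", "exclude"):
                    raise ValueError("%s filter lacks a valid onmatch" % event_filter.tag)
                key = (event_filter.tag, onmatch)
                folded.setdefault(key, []).extend(list(event_filter))

    # Rebuild <EventFiltering> on the base root from the folded rules.
    old = base.find("EventFiltering")
    if old is not None:
        base.remove(old)
    filtering = ET.SubElement(base, "EventFiltering")
    for (tag, onmatch), rules in folded.items():
        group = ET.SubElement(filtering, "RuleGroup", name="", groupRelation="or")
        ET.SubElement(group, tag, onmatch=onmatch).extend(rules)
    return base


def add_exclusion(root, event_type, field, condition, value):
    """Add an environment-specific false-positive rule to the exclude filter
    of event_type, creating that filter (in its own RuleGroup) if absent."""
    filtering = root.find("EventFiltering")
    if filtering is None:
        filtering = ET.SubElement(root, "EventFiltering")
    target = filtering.find("RuleGroup/%s[@onmatch='exclude']" % event_type)
    if target is None:
        group = ET.SubElement(filtering, "RuleGroup", name="", groupRelation="or")
        target = ET.SubElement(group, event_type, onmatch="exclude")
    rule = ET.SubElement(target, field, condition=condition)
    rule.text = value
    return target


def filter_summary(root):
    """Map (event type, onmatch) -> number of rules, to sanity-check a merge."""
    summary = {}
    for group in root.iter("RuleGroup"):
        for event_filter in group:
            key = (event_filter.tag, event_filter.get("onmatch"))
            summary[key] = summary.get(key, 0) + len(event_filter)
    return summary


if __name__ == "__main__":
    config = merge_sysmon_configs(MAIN_TEMPLATE, PROCESS_CREATE)
    # Constructed example of a site-specific exclusion for a known-benign tool.
    add_exclusion(config, "ProcessCreate", "Image", "is",
                  r"C:\Program Files\ExampleVendor\agent.exe")
    print(ET.tostring(config, encoding="unicode"))
```

Run it and feed the printed XML to `sysmon -c`; `filter_summary` is a quick check that every event type you expected ended up with exactly one include and one exclude filter before you deploy the merged file.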
Let's Go Hunting, Maybe it's your day!
This repository has been archived by the owner on Aug 27, 2022. It is now read-only.
polylogyx/Panache_Sysmon (forked from gavz/Panache_Sysmon)
A Sysmon Config for APTs Techniques Detection