Skip to content
/ sysmon-parser Public

Automatically generated Sysmon parser for Azure Sentinel

14 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

olafhartong/sysmon-parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

684 Commits
README.md
README.md
 
 
Sysmon-AllVersions_Parser.txt
Sysmon-AllVersions_Parser.txt
 
 
generate-parser.ps1
generate-parser.ps1
 
 

Repository files navigation

sysmon-parser

Automatically generated Sysmon parser for Azure Sentinel

Sysmon-AllVersions_Parser.txt can be loaded as a function in Azure Sentinel to parse all your events.

There is an Azure Devops pipeline that triggers daily to install the latest Sysmon version, extracts the schema and populates the parser with all unique fields.

The PowerShell script can also be run locally on a box which has Sysmon installed

About

Automatically generated Sysmon parser for Azure Sentinel

Resources

Readme
Activity

Stars

14 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages