ICS Watch Dog
Microsoft Sysinternals Sysmon is one of the methods for improving your organization’s understanding of what has happened on your Microsoft servers and workstations. It improves your visibility while also providing the means to protect your system through application monitoring and control. The ICS Watch Dog project aims to provide a usable Sysmon implementation from the start of your monitoring program through its maturity. We are here to help your team, and we hope your team will help this project via issues, comments, discussions, and usable templates.
Similar Projects
The following projects provide similar functionality and have also inspired some of the Sysmon templates used here.
- Microsoft Sysinternals Sysmon
- SwiftOnSecurity Sysmon Config
- Working With Sysmon Configurations Like a Pro Through Better Tooling - Matt Graeber
- Sysinternals Sysmon suspicious activity guide
Project License
Creative Commons Attribution 4.0 International: You may privatize, fork, edit, teach, publish, or deploy for commercial use - with attribution in the text.
Contributors
Sponsor
This project was developed and is supported by Cutaway Security, LLC. in collaboration with each contributor.
You can find other open source efforts for the ICS / OT community at the Cutaway Security GitHub.