Endpoint security - PSJoshi/Notes GitHub Wiki
- Insight agent - Endpoint monitoring and response - https://insightidr.help.rapid7.com/docs/the-insight-agent
- Sysmon suspicious activity guide - https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-suspicious-activity-guide/
- Sysmon config (SwiftOnSecurity) - https://github.com/SwiftOnSecurity/sysmon-config
- Sysmon download (Microsoft Sysinternals) - https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- Host-based detection techniques pros and cons - https://posts.specterops.io/thoughts-on-host-based-detection-techniques-21d9c97082ce
- Open source endpoint detection and response "LimaCharlie" - https://github.com/refractionPOINT/limacharlie
- HELK - https://github.com/Cyb3rWard0g/HELK
- osquery from Facebook - https://github.com/facebook/osquery
- Google Rapid Response (GRR) - https://github.com/google/grr
- Data collection using Kansa - https://github.com/davehull/Kansa
- Windows Logging Service (WLS) - https://digirati82.com/wls-information/
- LOG-MD free edition - https://www.imfsecurity.com/download