Popular repositories Loading

1. Windows-Endpoint-Telemetry Windows-Endpoint-Telemetry Public

   Windows Telemetry Lab – Sysmon + Event ID 4688 + Splunk (Phase 1) Hands-on endpoint logging lab: Sysmon installation, Windows process telemetry, and SIEM ingestion.

2. Windows-Endpoint-Telemetry-and-SOC-Triage Windows-Endpoint-Telemetry-and-SOC-Triage Public

   Extended windows telemetry by validating host-based Sysmon and Event ID 4688 signals and preparing cloud-based SIEM ingestion for SOC-style detection and triage.