Includes:
OSSEC Decoder for Sysmon Events (Event ID 1: Process Create)
Alert on Hash Ruleset: Example Rule to detect (by hash) PsExec usage
Alert on Image Name Ruleset: Example Rules to detect (by image name) abnormal user behaviour
Process Anomalies Ruleset: Ruleset to detect Windows Process Anomalies