
Attack Monitor is a Python application written to enhance the security monitoring capabilities of Windows 7/2008 (and all later versions) workstations/servers and to automate dynamic analysis of malware.

Current modes (mutually exclusive):

- Endpoint detection (ED)
- Malware analysis (on a dedicated virtual machine)

Based on events from:

- Windows event logs
- Sysmon
- Watchdog (filesystem monitoring Python library)
- TShark (only in malware analysis mode)

Current version: 0.9.0 (Alpha)

Contact: [email protected]

## Demo

## Supported OS

- Windows 7, 8, 10 (x86 or x64)
- Windows 2008, 2012, 2016 (x86 or x64)

## Pre-requirements

- PowerShell 5
- Sysmon (downloaded, configured and installed by installer.py)
- Python 3.6 (64-bit) - should work on Python 3.x
- TShark (malware analysis only)
- Various Python 3 libraries (requirements.txt)
- StoneEngine library (included, first time published, high-level Windows event log interface - Alpha state)

## Supported system events

Some of the events are only supported in Malware Analysis Mode.

- Filesystem changes
- Permitted network connections
- PowerShell activity (detailed only with PowerShell 5)
- Process creation....
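As an added example (not Attack Monitor's or StoneEngine's own code), the following stand-alone Python snippet shows how Sysmon events of the kinds listed above (process creation, network connections and file creation as one form of filesystem change) can be read out of Windows event XML and normalized into flat records, the pre-processing an endpoint detection mode needs before any rule matching. The event samples are constructed; the field names are the standard Sysmon ones.

```python
import xml.etree.ElementTree as ET

# Namespace used by every Windows event log record, Sysmon included.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sysmon event IDs for the event types this example tracks.
SYSMON_EVENTS = {1: "process_creation", 3: "network_connection", 11: "file_create"}


def normalize_sysmon_event(xml_text):
    """Flatten one Sysmon event (Windows event XML) into a dict.

    Returns None for event IDs that are not tracked, so callers can skip them.
    """
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    kind = SYSMON_EVENTS.get(event_id)
    if kind is None:
        return None
    # EventData is a list of <Data Name="..."> elements; turn it into a mapping.
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    record = {"type": kind, "utc_time": data.get("UtcTime", ""), "image": data.get("Image", "")}
    if kind == "process_creation":
        record["command_line"] = data.get("CommandLine", "")
        record["parent_image"] = data.get("ParentImage", "")
    elif kind == "network_connection":
        record["destination"] = f"{data.get('DestinationIp', '')}:{data.get('DestinationPort', '')}"
        record["protocol"] = data.get("Protocol", "")
    elif kind == "file_create":
        record["target"] = data.get("TargetFilename", "")
    return record


# Constructed sample events (not real log data): a process creation and a network connection.
SAMPLE_PROCESS_CREATE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="UtcTime">2019-01-01 12:00:00.000</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -NoProfile -File C:\scripts\inventory.ps1</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>"""

SAMPLE_NETWORK_CONNECT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID></System>
  <EventData>
    <Data Name="UtcTime">2019-01-01 12:00:01.000</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="Protocol">tcp</Data>
    <Data Name="DestinationIp">192.0.2.10</Data>
    <Data Name="DestinationPort">443</Data>
  </EventData>
</Event>"""

if __name__ == "__main__":
    for sample in (SAMPLE_PROCESS_CREATE, SAMPLE_NETWORK_CONNECT):
        print(normalize_sysmon_event(sample))
```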