├── CHANGELOG
├── Dependencies
│   └── pywin32-227-cp27-cp27m-win_amd64.whl
├── Evtx
│   ├── clasicInjection4.23.evtx
│   ├── cobaltstrike4_23.evtx
│   ├── duplicatetoken.evtx
│   ├── ejer8_4.21.evtx
│   ├── nacciones.evtx
│   └── test.evtx
├── Images
│   ├── Syspce1.PNG
│   ├── Syspce2.PNG
│   ├── Syspce3.PNG
│   ├── Syspce4.png
│   ├── baseline_engine.png
│   └── realparent.png
├── LICENSE
├── README.md
├── RegistryKey
│   └── registry_key.reg
├── Resources
│   └── syspce.ico
├── SysmonConf
│   ├── Sysmon4.30.xml
│   └── full4.30.xml
├── baseline.rules
├── cache
│   ├── 02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_process
│   ├── 02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_threads
│   ├── 02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_tokens
│   └── 02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_vads
├── detection.macros
├── detection.rules
├── docs
│   ├── _config.yml
│   └── index.md
├── sysmonSchema3.4.xml
├── sysmonSchema4.21.xml
├── sysmonSchema4.23.xml
├── sysmonSchema4.30.xml
├── sysmonSchema4.40.xml
├── syspce.py
├── syspce_bucket.py
├── syspce_console.py
├── syspce_engine.py
├── syspce_engine_baseline.py
├── syspce_engine_filter.py
├── syspce_engine_hierarchy.py
├── syspce_info_tree.py
├── syspce_input.py
├── syspce_input_eventlog.py
├── syspce_input_evtx.py
├── syspce_input_volatility.py
├── syspce_job.py
├── syspce_manage_tree.py
├── syspce_manager.py
├── syspce_manager_control.py
├── syspce_manager_engine.py
├── syspce_manager_input.py
├── syspce_message.py
├── syspce_output.py
├── syspce_parser.py
├── syspce_processes_tree.py
└── test.rules

/CHANGELOG: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/CHANGELOG
/Dependencies/pywin32-227-cp27-cp27m-win_amd64.whl: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Dependencies/pywin32-227-cp27-cp27m-win_amd64.whl
/Evtx/clasicInjection4.23.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/clasicInjection4.23.evtx
/Evtx/cobaltstrike4_23.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/cobaltstrike4_23.evtx
/Evtx/duplicatetoken.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/duplicatetoken.evtx
/Evtx/ejer8_4.21.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/ejer8_4.21.evtx
/Evtx/nacciones.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/nacciones.evtx
/Evtx/test.evtx: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Evtx/test.evtx
/Images/Syspce1.PNG: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/Syspce1.PNG
/Images/Syspce2.PNG: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/Syspce2.PNG
/Images/Syspce3.PNG: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/Syspce3.PNG
/Images/Syspce4.png: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/Syspce4.png
/Images/baseline_engine.png: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/baseline_engine.png
/Images/realparent.png: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Images/realparent.png
/LICENSE: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/LICENSE
/README.md: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/README.md
/RegistryKey/registry_key.reg: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/RegistryKey/registry_key.reg
/Resources/syspce.ico: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/Resources/syspce.ico
/SysmonConf/Sysmon4.30.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/SysmonConf/Sysmon4.30.xml
/SysmonConf/full4.30.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/SysmonConf/full4.30.xml
/baseline.rules: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/baseline.rules
/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_process: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_process
/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_threads: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_threads
/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_tokens: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_tokens
/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_vads: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/cache/02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d_vads
/detection.macros: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/detection.macros
/detection.rules: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/detection.rules
/docs/_config.yml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/docs/_config.yml
/docs/index.md: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/docs/index.md
/sysmonSchema3.4.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/sysmonSchema3.4.xml
/sysmonSchema4.21.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/sysmonSchema4.21.xml
/sysmonSchema4.23.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/sysmonSchema4.23.xml
/sysmonSchema4.30.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/sysmonSchema4.30.xml
/sysmonSchema4.40.xml: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/sysmonSchema4.40.xml
/syspce.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce.py
/syspce_bucket.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_bucket.py
/syspce_console.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_console.py
/syspce_engine.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_engine.py
/syspce_engine_baseline.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_engine_baseline.py
/syspce_engine_filter.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_engine_filter.py
/syspce_engine_hierarchy.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_engine_hierarchy.py
/syspce_info_tree.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_info_tree.py
/syspce_input.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_input.py
/syspce_input_eventlog.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_input_eventlog.py
/syspce_input_evtx.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_input_evtx.py
/syspce_input_volatility.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_input_volatility.py
/syspce_job.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_job.py
/syspce_manage_tree.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_manage_tree.py
/syspce_manager.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_manager.py
/syspce_manager_control.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_manager_control.py
/syspce_manager_engine.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_manager_engine.py
/syspce_manager_input.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_manager_input.py
/syspce_message.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_message.py
/syspce_output.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_output.py
/syspce_parser.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_parser.py
/syspce_processes_tree.py: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/syspce_processes_tree.py
/test.rules: https://raw.githubusercontent.com/lab52io/Syspce/HEAD/test.rules