Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

Release

Free Tool Converts Sysmon Rules to uberAgent ESA Threat Detection

  • by Helge Klein
  • December 1, 2021

We’re excited to announce that the Sysmon to uberAgent ESA rule converter tool is available. The converter translates Sysmon rules into the format used by uberAgent ESA.

Why Offer a Sysmon Rule Converter?

Sysmon is one of the most popular endpoint detection tools. Numerous quality rulesets are maintained by the security community. The Sysmon converter makes those rulesets available for use with uberAgent ESA.

uberAgent ESA as Sysmon Alternative

We’re working hard to make uberAgent ESA the better Sysmon alternative. Take a look at this comparison for info on how the two stack up against each other.

Converting rules from Sysmon to uberAgent is possible because uberAgent’s versatile uAQL query language can be used to replicate the capabilities of Sysmon’s configuration – and much more. Take a look at this blog post for an introduction to uAQL.

How Does the Sysmon Rule Converter Work?

The converter reads Sysmon XML configuration files and translates the rules to the file format used by uberAgent ESA’s Threat Detection Engine.

Convert Individual Rules or Entire Directories

The converter is flexible: it can convert individual Sysmon rules from a single source file, but it can also read entire directories with Sysmon configuration files. In other words: the converter supports single-file Sysmon configurations like SwiftOnSecurity’s just as well as Olaf Hartong’s modular Sysmon repo.

Usage & Examples

Take a look at the converter’s readme for usage information.

Sysmon Converter Download

The Sysmon to uberAgent ESA converter is a free open-source tool developed and maintained by vast limits. To download the Sysmon converter, head over to the releases section of its GitHub repository.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Comments

Your email address will not be published. Required fields are marked *