nsacyber / Event Forwarding Guidance
Licence: other
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Event Forwarding Guidance
This repository hosts content to aid administrators in collecting security-relevant Windows event logs using Windows Event Forwarding (WEF). It is a companion to the Spotting the Adversary with Windows Event Log Monitoring paper; the list of events in this repository is more up to date than the one in the paper.
The repository contains:
- Recommended Windows events to collect. Whether you use WEF or a third-party SIEM, the list of recommended events is a useful starting point for deciding what to collect.
- Scripts to create custom Event Log views and create WEF subscriptions.
- WEF subscriptions in XML format.
Links
- Microsoft Windows Event Forwarding resources
- Use Windows Event Forwarding to help with intrusion detection
- Windows 10 and Windows Server 2016 security auditing and monitoring reference
- Microsoft's Threat Protection: Advanced security audit policy settings
- Microsoft's Threat Protection: Security auditing
- List of important events from Microsoft
- Microsoft SysInternals Sysmon
- ACSC GitHub Windows Event Logging repository
- ACSC Windows Event Logging Technical Guidance
- Creating Custom Windows Event Forwarding Logs
- Introducing Project Sauron
- Project Sauron GitHub repository
- Windows Event Forwarding for Network Defense
- Palantir Windows Event Forwarding GitHub repository
License
See LICENSE.
Disclaimer
See DISCLAIMER.