
ceramicskate0 / SWELF

Licence: AGPL-3.0 license
Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

Programming Languages

C#

Projects that are alternatives of or similar to SWELF

Sentinel Attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+2839.13%)
Mutual labels:  detection, cybersecurity, sysmon, siem
WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1821.74%)
Mutual labels:  analysis, logs, hunting
BTPS-SecPack
This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…
Stars: ✭ 33 (+43.48%)
Mutual labels:  cybersecurity, defense, windowsevents
Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Stars: ✭ 443 (+1826.09%)
Mutual labels:  detection, sysmon, evtx
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+3847.83%)
Mutual labels:  detection, logs, hunting
humble
A humble, and fast, security-oriented HTTP headers analyzer
Stars: ✭ 17 (-26.09%)
Mutual labels:  analysis, cybersecurity
volkscv
A Python toolbox for computer vision research and project
Stars: ✭ 58 (+152.17%)
Mutual labels:  analysis, detection
Kali-Linux-Tools-Interface
Graphical Web interface developed to facilitate the use of security information tools.
Stars: ✭ 169 (+634.78%)
Mutual labels:  analysis, cybersecurity
Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+1134.78%)
Mutual labels:  analysis, siem
Detectionlab
Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+13973.91%)
Mutual labels:  detection, sysmon
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+12691.3%)
Mutual labels:  analysis, detection
Sooty
The SOC Analyst's all-in-one CLI tool to automate and speed up workflow.
Stars: ✭ 867 (+3669.57%)
Mutual labels:  analysis, cybersecurity
Mwdb Core
Malware repository component for samples & static configuration with REST API interface.
Stars: ✭ 125 (+443.48%)
Mutual labels:  analysis, cybersecurity
micro-code-analyser
A tiny Node.js microservice to detect the language of a code snippet
Stars: ✭ 21 (-8.7%)
Mutual labels:  analysis, detection
DomainCAT
Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (+47.83%)
Mutual labels:  analysis, cybersecurity
Chronos
Chronos - A static race detector for the go language
Stars: ✭ 272 (+1082.61%)
Mutual labels:  analysis, detection
Netcap
A framework for secure and scalable network traffic analysis - https://netcap.io
Stars: ✭ 1,519 (+6504.35%)
Mutual labels:  analysis, detection
Siem
SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+582.61%)
Mutual labels:  analysis, siem
phisherprice
All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.
Stars: ✭ 38 (+65.22%)
Mutual labels:  analysis, cybersecurity
Awesome Threat Detection
A curated list of awesome threat detection and hunting resources
Stars: ✭ 1,804 (+7743.48%)
Mutual labels:  detection, hunting

Build

Like the work? Don't forget to hit that Star button and sponsor.

Simple-Windows-Event-Log-Forwarder (SWELF)

Shameless plug to allow Support:

https://patreon.com/ceramicskate0

Get Latest Release

Summary:

If you can type a line of the form Findthis ~ EventLog Name (not required) ~ EventID (not required) into a text file (Searchs.txt), you can find the logs you want from a Windows machine and send just those to your SIEM.

Why SWELF, and how is it different from anything out there? Are you having the "too many logs" issue? Or maybe you just can't find what you want with a log forwarder? Want to quickly get the logs you want from local evtx files or the EventLog service, and then get them in the order they were made? Maybe the other log forwarders are just too complicated and you want something simple that can do it all? SWELF might be able to help you. You tell SWELF the keywords and/or Event Log name and/or the event ID and it will find it for you. You can even tell it things like the minimum number of characters in a log, the maximum length of the command-line arguments, or the length of the log itself, and the SWELF app will send just that log from a Windows machine to your log collection location in a variety of formats. SWELF is designed to be as small, lightweight, and Windows-native as possible, with very low requirements and setup, while still being a powerful and useful tool. SWELF is designed to put you back in control of your log data and your log forwarder as much as possible. Also, an interesting use case has come up recently: red teamers could use this to help simulate a SIEM on a VM for testing on an endpoint.
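The search-file format and the minimum-length filter described above, as an added example in Python that is not SWELF's own code: it parses "keyword ~ EventLog name ~ EventID" lines into rules, applies them to constructed event records, and returns only the matching events in time order. The separator handling, the optional-field semantics and the record layout are assumptions for illustration.

```python
# Added example, not SWELF's own code: models the "Findthis ~ EventLog name ~ EventID"
# search-file format and the "minimum characters in log" filter the README describes.
from dataclasses import dataclass
from typing import Optional

@dataclass
class SearchRule:
    keyword: str              # substring the log text must contain (case-insensitive)
    log_name: Optional[str]   # channel such as "Security"; None means any channel
    event_id: Optional[int]   # None means any event ID

def parse_search_line(line: str) -> Optional[SearchRule]:
    """Parse one Searchs.txt line; blank lines and '#' comments yield None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    keyword, log_name, event_id = ([p.strip() for p in line.split("~")] + ["", ""])[:3]
    if not keyword:
        return None
    return SearchRule(keyword, log_name or None, int(event_id) if event_id else None)

def load_rules(text: str) -> list:
    return [r for r in map(parse_search_line, text.splitlines()) if r]

def matches(rule: SearchRule, event: dict, min_len: int = 0) -> bool:
    """True when the event satisfies every field the rule specifies."""
    return (rule.keyword.lower() in event["message"].lower()
            and (rule.log_name is None or rule.log_name.lower() == event["log"].lower())
            and (rule.event_id is None or rule.event_id == event["id"])
            and len(event["message"]) >= min_len)

def select_events(rules: list, events: list, min_len: int = 0) -> list:
    """Keep only events hit by some rule, ordered by time as a forwarder would send them."""
    hits = [e for e in events if any(matches(r, e, min_len) for r in rules)]
    return sorted(hits, key=lambda e: e["time"])

# Constructed search file and event records (not captured from a real host).
SEARCHES = """# keyword ~ EventLog name (optional) ~ EventID (optional)
EncodedCommand ~ Microsoft-Windows-PowerShell/Operational ~ 4104
CommandLine ~ Security ~ 4688
service was installed ~ ~
"""
EVENTS = [
    {"time": 3, "log": "Security", "id": 4688,
     "message": "A new process has been created. CommandLine: powershell.exe -EncodedCommand <base64>"},
    {"time": 1, "log": "Microsoft-Windows-PowerShell/Operational", "id": 4104, "message": "Creating Scriptblock text: Get-Process"},
    {"time": 2, "log": "Microsoft-Windows-PowerShell/Operational", "id": 4104,
     "message": "Creating Scriptblock text: powershell -EncodedCommand <base64>"},
    {"time": 4, "log": "System", "id": 7045, "message": "A service was installed in the system."},
]
```

The third rule leaves both optional fields empty, so it matches on keyword alone across every channel, while the first rule is rejected for the Security event because the channel does not match.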

Install:

Usage:

Requirements:

What can SWELF do:

  1. Read, search, and forward any Windows EventLog and/or saved evtx file (that is not I/O locked), either everything or just the logs with the data you want.

  2. Read and search any local log file, either everything or just the logs with the data you want.

  3. Read, search, and forward any 'PowerShell Plugin' output (after attempting to force it through Microsoft AMSI), i.e. that script you like but can't get output from at scale, either everything or just the logs with the data you want.

Want to know more or have questions? Check out the wiki:

The details:

Now almost in full release.

SWELF is designed to be a Windows event log forwarding application simple enough for almost anyone to use, with some speedy IR capabilities. As a forwarder, the agent will first search your logs for what you want, then forward just those logs. Since SWELF is early-release software, there may be bugs.

But this also means I'm taking almost any feature request (even if you don't code), design recommendations, and basically any input you think is relevant. I will take it in the form of Twitter (https://twitter.com/Ceramicskate0?lang=en) or as an Issue (Feature) request here on GitHub.

This app is mainly a log forwarder with the ability to search, forward, and run your plugins. This means that you can tell your log forwarding agent (SWELF) exactly what logs to forward and it won't forward the rest (this will help with those pesky "too many logs", "we can't send those logs, it's too much noise", or "the SIEM can't handle all the logs" issues with SIEMs and IT departments). ;D

For example, say you want PowerShell logs (don't lie to yourself, every security person does, or at least you'd better). You know what you want them to have in the log, or what they should look like, or how long they are, or some keyword; SWELF will then forward, in order, just those logs.

SWELF Design (After Central Configuration is Pushed)

[Figure: SWELF design diagram]

Other SWELF related Projects

Legal Disclaimer:

If you choose to run the software on your machine, you accept the terms of use and any potential adverse actions that may befall your system. If you use this software you do so at your own risk and the liability is then accepted by you on execution. Note that the author is not responsible for the way the product software is used and the software comes without any warranty. If you use the software (this means execution of it on a system) you acknowledge that you accept any risk or any outcome the use of the software causes. I have NEVER authorized, condoned, or recommended the use of anything in any of my repos for any malicious reason. Do not use for evil, malicious purposes, or on machines you do not own. I recommend that you always TEST it before you use it or deploy it. Use at your own risk. THIS IS OPEN SOURCE SOFTWARE AND IS ALMOST READY FOR PRODUCTION.

                GNU AFFERO GENERAL PUBLIC LICENSE
                   Version 3, 19 November 2007

Copyright (C) 2007 Free Software Foundation, Inc. https://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
