logging-essentials
Event logging guide
Provides guidance on configuring and collecting Windows event logs to enhance forensic analysis and incident response capabilities.
A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
274 stars
20 watching
27 forks
last commit: about 3 years ago
Linked from 1 awesome list
stuhli/awesome-event-idsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 jdu2600/windows10etwevents | Collects and analyzes Windows 10 event tracing data from various providers across different versions. | 267 |
 nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
 thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |
 sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,190 |
 damienbod/aspnetcorenlog | An ASP.NET Core application demonstrating configuration and usage of NLog with various logging targets including MS SQL Server, PostgreSQL, MySQL, and Elasticsearch. | 60 |
 retracedhq/retraced | Provides a searchable, exportable record of read/write events | 358 |
 reed1713/elat | A toolset for analyzing Windows event logs to detect and analyze malware | 29 |
 jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
 jvandevelde/dnxcore-logging-logstash | An extension that provides logging capabilities to .NET Core applications using UDP and Redis transports. | 8 |
 certsocietegenerale/irm | Operational guidelines and best practices for handling various types of security incidents | 978 |
 collective/collective.fingerpointing | Tracks and logs events in an audit log to maintain record of user activity and content lifecycle. | 5 |
 yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 763 |
 airbus-cert/timeliner | A tool for filtering and analyzing Windows event logs based on complex time-based conditions | 36 |
 threathunters-io/laurel | Transforms Linux audit logs into standardized, human-readable format for security monitoring | 711 |
 mdecrevoisier/splunk-input-windows-baseline | Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis. | 81 |