EnableWindowsLogSettings
Log setup script
Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods
Documentation and scripts to properly enable Windows event logs.
571 stars
15 watching
51 forks
Language: Batchfile
last commit: about 2 years ago
Linked from 1 awesome list
auditing, dfir, event, forensics, hayabusa, logs, monitoring, security, sigma, sysmon, windows
Related projects:
| Repository | Description | Stars |
|---|---|---|
| | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 769 |
| | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
| | A standardized format for describing log events to facilitate detection and analysis of security threats | 8,490 |
| | Automates analysis of Windows Security Events to identify user logon relations | 241 |
| | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 684 |
| | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
| | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
| | Provides guidance on configuring and collecting Windows event logs to enhance forensic analysis and incident response capabilities. | 276 |
| | Collects and analyzes Windows 10 event tracing data from various providers across different versions. | 275 |
| | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 419 |
| | Mounts AWS CloudWatch Logs as a file system | 81 |
| | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,203 |
| | Logs WMI consumer and process creation events to the Windows Application event log | 124 |
| | Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis. | 85 |
| | Automates enumeration of vulnerable DCOM applications to aid in lateral movement and exploitation testing | 254 |