The EventShot script simply takes a snapshot of the event log(s) you select, then takes a second snapshot after you're done with your analysis, diffs the two files and parses the output. EventScan can either scan the live system event logs against the EventLogIndicators directory of yara sigs, or you can place event log files in the SCAN dir and search them with your yara sigs.
https://github.com/reed1713/ELAT
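An illustration of the EventShot snapshot-and-diff idea, written here as an added example and not code from ELAT: two constructed snapshots in the XML shape Windows event exports use are indexed by EventRecordID, the delta is parsed into plain dicts, and a record-ID regression is flagged as a cleared log. Keying on EventRecordID is an assumption about how the tool matches records; the events, IDs and paths are made up.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML (e.g. what "wevtutil qe /f:xml" emits).
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

def _event(record_id, event_id, provider, **data):
    """Build a constructed, minimal event XML string for the demo snapshots."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><Provider Name="{provider}"/>'
            f"<EventID>{event_id}</EventID><EventRecordID>{record_id}</EventRecordID>"
            f"</System><EventData>{body}</EventData></Event>")

# Constructed snapshots: BEFORE is taken prior to the analysis session, AFTER once
# it is finished. Record 101 has rolled off the log in AFTER; 103 and 104 are new.
BEFORE = [_event(101, 4624, "Microsoft-Windows-Security-Auditing", LogonType="2"),
          _event(102, 4688, "Microsoft-Windows-Security-Auditing", NewProcessName="C:\\Windows\\explorer.exe")]
AFTER = [_event(102, 4688, "Microsoft-Windows-Security-Auditing", NewProcessName="C:\\Windows\\explorer.exe"),
         _event(103, 4688, "Microsoft-Windows-Security-Auditing", NewProcessName="C:\\Tools\\sample.exe"),
         _event(104, 7045, "Service Control Manager", ServiceName="SampleSvc")]

def parse_event(xml_text):
    """Parse one event into a flat dict: System fields plus EventData name/value pairs."""
    root = ET.fromstring(xml_text)
    system = root.find(NS + "System")
    event = {
        "record_id": int(system.findtext(NS + "EventRecordID")),
        "event_id": int(system.findtext(NS + "EventID")),
        "provider": system.find(NS + "Provider").get("Name"),
    }
    for d in root.iterfind(f"{NS}EventData/{NS}Data"):
        event[d.get("Name")] = d.text
    return event

def parse_snapshot(events):
    """Index a snapshot by EventRecordID so two snapshots can be diffed cheaply."""
    parsed = (parse_event(e) for e in events)
    return {e["record_id"]: e for e in parsed}

def diff_snapshots(before_xml, after_xml):
    """Return (new_events, log_cleared): events only in the second snapshot, plus a
    flag set when record IDs went backwards (log cleared, so the delta is incomplete)."""
    before, after = parse_snapshot(before_xml), parse_snapshot(after_xml)
    new_events = [after[rid] for rid in sorted(set(after) - set(before))]
    log_cleared = bool(before) and bool(after) and max(after) < max(before)
    return new_events, log_cleared

if __name__ == "__main__":
    new, cleared = diff_snapshots(BEFORE, AFTER)
    print(f"{len(new)} new events, log cleared: {cleared}", new)
```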