ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use Log Forwarder and EVTX Parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

Improved Security Checks for event log tampering #47

Closed ceramicskate0 closed 6 years ago

ceramicskate0 commented 6 years ago
    using System;
    using System.Diagnostics.Eventing.Reader;

    public static bool Check_Windows_Event_Log_Size(string EVT_Log_Name)
    {
        //on a per log basis
        //compare original size to now size
        //if its less than windows default alert
        //also if last modified date for reg key is not as old as things around it (needs RegQueryInfoKey, not done here)
        const long Windows_Default_Max_Size = 20L * 1024 * 1024; // 20 MB default for Application/System/Security
        var config = new EventLogConfiguration(EVT_Log_Name);
        return config.MaximumSizeInBytes < Windows_Default_Max_Size; // true == alert
    }

    public static bool Check_Windows_Event_Log_Retention_Policy(string EVT_Log_Name)
    {
        //in reg key per log (Retention under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log>)
        //all ffff's means no new logs added once the log is full; the reader API exposes that as EventLogMode.Retain
        var config = new EventLogConfiguration(EVT_Log_Name);
        return config.LogMode == EventLogMode.Retain; // true == alert
    }

    public static bool Check_Windows_Event_Log_Has_Not_Recorded_Logs_In_X_Time(string EVT_Log_Name, int Time_of_Latest_Log)
    {
        //For a given eventlog when was the last time it was written to. Based on today - last time X. Alert yes or no.
        //Time_of_Latest_Log is taken to be hours (the unit is not stated in this issue)
        EventLogInformation info = EventLogSession.GlobalSession.GetLogInformation(EVT_Log_Name, PathType.LogName);
        if (info.LastWriteTime == null) return true; // never written to: alert
        return (DateTime.Now - info.LastWriteTime.Value).TotalHours > Time_of_Latest_Log;
    }

    public static bool Check_Windows_Event_Log_Popular_Event_Logs_Blank(string EVT_Log_Name)
    {
        //Popular windows event logs have nothing in them and they should
        EventLogInformation info = EventLogSession.GlobalSession.GetLogInformation(EVT_Log_Name, PathType.LogName);
        return (info.RecordCount ?? 0) == 0; // true == alert
    }
ceramicskate0 commented 6 years ago

fixed 0.3.2.2