ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF): an easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

SearchCommand for Sysmon logs to send event of program connecting to network (Sysmon event ID 3) #51

Closed ceramicskate0 closed 6 years ago

ceramicskate0 commented 6 years ago

Is your feature request related to a problem? Please describe. PowerShell used as call-out for initial infection delivery. Need that log.

Describe the solution you'd like: Forward the Sysmon log for that event, event ID 3.

Describe alternatives you've considered: none.

Additional context
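The selection this request asks for, as an added illustration that is not SWELF's own code: pick out Sysmon Event ID 3 (network connection) records whose initiating image is PowerShell, from a few constructed records in the XML shape an EVTX parser emits. The field names follow Sysmon's network-connection event; the sample records and the watched-image list are assumptions.

```python
import xml.etree.ElementTree as ET

# Windows event XML namespace, as used by EVTX/Get-WinEvent output.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def sysmon_record(event_id, **fields):
    """Build one Sysmon record in EVTX XML shape (constructed sample data, not a real log)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System>'
            f'<Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>'
            f'<Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>'
            f'<EventData>{data}</EventData></Event>')


# Constructed sample: two benign connections, one process-creation event (ID 1)
# that must be ignored, and one outbound PowerShell connection (the case in the issue).
SAMPLE_EVENTS = [
    sysmon_record(3, Image=r"C:\Program Files\Mozilla Firefox\firefox.exe", Initiated="true",
                  Protocol="tcp", DestinationIp="198.51.100.7", DestinationPort="443"),
    sysmon_record(1, Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  CommandLine="powershell.exe -nop -w hidden"),
    sysmon_record(3, Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  Initiated="true", Protocol="tcp", DestinationIp="203.0.113.10",
                  DestinationPort="443"),
    sysmon_record(3, Image=r"C:\Windows\System32\svchost.exe", Initiated="false",
                  Protocol="tcp", DestinationIp="10.0.0.5", DestinationPort="135"),
]

# Images whose outbound connections should be forwarded (assumed watch list).
WATCHED_IMAGES = ("powershell.exe", "pwsh.exe")


def parse_sysmon_event(xml_text):
    """Return (event_id, {Data Name: value}) for one Sysmon record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields


def select_network_events(xml_records, images=WATCHED_IMAGES):
    """Return (image, dest_ip, dest_port) for each outbound Event ID 3 from a watched image."""
    hits = []
    for rec in xml_records:
        event_id, f = parse_sysmon_event(rec)
        # Only network-connection events initiated by the local process are of interest.
        if event_id != 3 or f.get("Initiated", "").lower() != "true":
            continue
        if f.get("Image", "").rsplit("\\", 1)[-1].lower() in images:
            hits.append((f["Image"], f["DestinationIp"], int(f["DestinationPort"])))
    return hits
```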

ceramicskate0 commented 6 years ago

Will be in next release.

ceramicskate0 commented 6 years ago

Added in 0.3.3.0.