ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). An easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

Extract IPs and file hashes in the app's algorithm, deal with config issues to turn features on and off, what to do with log data, and pull from more than the Sysmon log type #9

Closed: ceramicskate0 closed this issue 6 years ago

ceramicskate0 commented 6 years ago

Extract IPs and file hashes in the app's algorithm, deal with config issues to turn features on and off, what to do with log data, and pull from more than the Sysmon log type
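As an added illustration of the IP and file-hash extraction this issue asks for, and of what a forwardable record could look like: this is example code written for this page, not SWELF's own C# implementation. The Sysmon-style event lines are constructed, the `SourceIp`/`DestinationIp`/`Hashes`/`Image` field names follow Sysmon's Event ID 1 and Event ID 3 layout, and the decision to drop non-global addresses before any reputation lookup is an assumption of the example.

```python
import ipaddress
import json
import re
from typing import Dict, List

# Constructed Sysmon-style event lines (not SWELF output). Field names follow
# Sysmon's Event ID 1 (process create) and Event ID 3 (network connect) layout;
# the hash values and addresses are made up for this example.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=MD5=0cc175b9c0f1b6a831c399e269772661,"
    "SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad,"
    "IMPHASH=00112233445566778899aabbccddeeff,SHA1=notahash",
    "EventID=3 Image=C:\\Users\\user\\app.exe SourceIp=10.0.0.5 SourcePort=51234 "
    "DestinationIp=8.8.8.8 DestinationPort=443",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe SourceIp=127.0.0.1 "
    "SourcePort=5353 DestinationIp=fe80::1 DestinationPort=53",
]

# Expected hex length per algorithm; anything else in the Hashes field is dropped.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "IMPHASH": 32}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
HASHES_FIELD_RE = re.compile(r"\bHashes=([A-Za-z0-9=,]+)")
# Sysmon puts addresses in SourceIp= / DestinationIp=; the second pattern also
# catches bare IPv4 literals elsewhere in the message (command lines, URLs).
IP_FIELD_RE = re.compile(r"\b(?:Source|Destination)Ip=([0-9A-Fa-f:.]+)")
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")


def extract_hashes(event: str) -> Dict[str, str]:
    """Parse the Hashes= field ("MD5=...,SHA256=...") into {ALGO: lowercase hex}.

    A value whose length or alphabet does not match its algorithm is discarded
    rather than forwarded, so a malformed field cannot poison downstream lookups.
    """
    match = HASHES_FIELD_RE.search(event)
    if not match:
        return {}
    hashes: Dict[str, str] = {}
    for pair in match.group(1).split(","):
        algo, _, value = pair.partition("=")
        algo = algo.upper()
        if HASH_LENGTHS.get(algo) == len(value) and HEX_RE.match(value):
            hashes[algo] = value.lower()
    return hashes


def extract_ips(event: str, public_only: bool = True) -> List[str]:
    """Return validated addresses from the event, sorted, as canonical strings.

    With public_only=True, loopback, link-local, RFC 1918 and other non-global
    ranges are dropped: they are noise for a reputation lookup and should not
    leave the network.
    """
    candidates = set(IP_FIELD_RE.findall(event)) | set(IPV4_RE.findall(event))
    ips: List[str] = []
    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand)  # rejects 999.1.1.1, bad IPv6, etc.
        except ValueError:
            continue
        if public_only and not addr.is_global:
            continue
        ips.append(str(addr))
    return sorted(ips)


def build_ioc_record(event: str, public_only: bool = True) -> Dict[str, object]:
    """Reduce one event to the indicators worth forwarding to a SIEM or lookup stage."""
    eid = re.search(r"\bEventID=(\d+)", event)
    image = re.search(r"\bImage=(\S+)", event)
    return {
        "event_id": int(eid.group(1)) if eid else None,
        "image": image.group(1) if image else None,
        "hashes": extract_hashes(event),
        "ips": extract_ips(event, public_only),
    }


def records_with_indicators(events: List[str]) -> List[Dict[str, object]]:
    """Keep only records that actually carry a hash or an address."""
    recs = [build_ioc_record(e) for e in events]
    return [r for r in recs if r["hashes"] or r["ips"]]


if __name__ == "__main__":
    # One JSON line per event that carries an indicator: the shape a collector
    # or SIEM ingests directly, with nothing internal-only in the address list.
    for rec in records_with_indicators(SAMPLE_EVENTS):
        print(json.dumps(rec))
```

Design note: the record carries the indicators only, so the decision of whether to query an external reputation service can be made centrally (on the collector, which can hold the API key) rather than on every endpoint; an API key that must live on endpoints belongs in the OS credential store or an environment variable read at start-up, not in the shared app config file.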

ceramicskate0 commented 6 years ago

It's in there, but I'm not sure how to introduce the end user to it yet and send it to the log collector/SIEM. Ideas?

ceramicskate0 commented 6 years ago

Endpoint does a VT lookup and, if one is found malicious, sends it to the SIEM??? Issue with security of the API key...

ceramicskate0 commented 6 years ago

Add a true/false setting to the central app config file for VirusTotal lookups (needs API key) (and secure API key storage for the app).

ceramicskate0 commented 6 years ago

UNABLE TO SUPPORT THIS FEATURE IN ALMOST ALL ENVIRONMENTS WITH THE CURRENT APP SECURITY MODULE. NOT GOING TO IMPLEMENT.