ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release; the latest build is at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

Search_Command that will search only network connections for hits on IP or part of/whole match of Domain/TLD #90

Closed ceramicskate0 closed 5 years ago

ceramicskate0 commented 5 years ago

The feature should be a command in the search config that can take an IP or part of a domain. Use Sysmon by default, or, if the search has a logname, use the search-all feature to find whether a log shows contact with a domain.

Ideas: possibly use the network_connect command and, if the middle arg is not a number, do this search?

ceramicskate0 commented 5 years ago

Use search multiple and eventid to do this.
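One way to implement the search the two comments above describe (restrict to Sysmon network-connect events by event ID, then match the destination on an IP or a domain/TLD), as an added example that is not SWELF's code and does not use SWELF's search-config syntax. It assumes a constructed set of Sysmon events in the XML shape EVTX export produces; the `DestinationIp`/`DestinationHostname` field names are Sysmon's own, while `search_network_connections` and the sample records are this example's. The "middle arg is not a number" idea becomes `classify_term`: anything that parses as an IP address is matched exactly, anything else is treated as a domain and matched as a label-aligned suffix, so `example.com` hits `cdn.example.com` and `local` hits the `.local` TLD, but `10.0.0.1` does not hit `10.0.0.10`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample records (not real telemetry): two Sysmon Event ID 3
# (network connect) events and one Event ID 1 (process create) event,
# in the XML layout an EVTX export of Microsoft-Windows-Sysmon/Operational uses.
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>
  <EventData>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\update.exe</Data>
    <Data Name="DestinationIp">93.184.216.34</Data>
    <Data Name="DestinationHostname">cdn.example.com</Data>
    <Data Name="DestinationPort">443</Data>
  </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
    <Data Name="DestinationIp">10.0.0.10</Data>
    <Data Name="DestinationHostname">intranet.corp.local</Data>
    <Data Name="DestinationPort">445</Data>
  </EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
  <Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
  </EventData></Event>""",
]

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NETWORK_CONNECT_EVENT_ID = 3  # Sysmon "Network connection detected"


def parse_event(xml_text):
    """Return (event_id, {Data Name: value}) for one exported Sysmon event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = root.find("e:EventData", NS)
    fields = {}
    if data is not None:
        fields = {d.get("Name"): (d.text or "") for d in data.findall("e:Data", NS)}
    return event_id, fields


def classify_term(term):
    """IP addresses are matched exactly; everything else is a domain suffix."""
    try:
        return "ip", ipaddress.ip_address(term.strip())
    except ValueError:
        return "domain", term.strip().strip(".").lower()


def destination_matches(fields, term):
    kind, value = classify_term(term)
    if kind == "ip":
        # Exact address comparison: a substring test would let 10.0.0.1 hit 10.0.0.10.
        try:
            return ipaddress.ip_address(fields.get("DestinationIp", "")) == value
        except ValueError:
            return False  # no or malformed DestinationIp on this record
    host = fields.get("DestinationHostname", "").strip().rstrip(".").lower()
    # Label-aligned suffix: "example.com" hits "cdn.example.com" but not "notexample.com";
    # a bare TLD such as "local" hits every ".local" hostname.
    return host == value or host.endswith("." + value)


def search_network_connections(events, term):
    """Hits are the EventData dicts of Event ID 3 records whose destination matches term."""
    hits = []
    for xml_text in events:
        event_id, fields = parse_event(xml_text)
        if event_id != NETWORK_CONNECT_EVENT_ID:
            continue  # eventid filter first, as the second comment suggests
        if destination_matches(fields, term):
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for term in ("93.184.216.34", "example.com", "local", "10.0.0.1"):
        for hit in search_network_connections(SAMPLE_EVENTS, term):
            print(term, "->", hit["Image"], hit["DestinationIp"], hit["DestinationHostname"])
```

Two practical caveats when wiring this into a real search: `DestinationHostname` is only as good as the reverse lookup Sysmon performed when it logged the connection and is frequently empty, so a domain term should also be run against DNS query events (Sysmon Event ID 22) if the config enables them; and an IP term given as a CIDR would need `ipaddress.ip_network` rather than `ip_address`, which this example does not attempt.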