palantir/windows-event-forwarding
A repository for using windows event forwarding for incident detection and response
Other
1.23k stars, 268 forks
issues
#61 Update Event-Log-Diagnostics.xml (amadeuskonopko, opened 3 months ago, 0 comments)
#60 change security access right and max evt/sec to forward (lprat, opened 1 year ago, 1 comment)
#58 Update README.md (awesomecogs, opened 3 years ago, 0 comments)
#57 Spelling (jsoref, opened 3 years ago, 1 comment)
#56 Update default log file size (ruffy91, opened 3 years ago, 1 comment)
#55 Changed Autorunsc64.exe download to use HTTP URI (null-default, opened 3 years ago, 2 comments)
#54 Download of Autorunsc64.exe Incorrectly Uses HTTPS (null-default, opened 3 years ago, 3 comments)
#53 Fix query for logging event id 5138 as intended instead of 5178 (dboekhout, closed 2 years ago, 1 comment)
#52 Software-Restriction-Policies.xml incorrect syntax (appelboom, opened 4 years ago, 2 comments)
#51 Update Shares.xml (lengyeltom, closed 4 years ago, 1 comment)
#50 Event Providers and Channels - DB Audit Events (Greyland99, opened 4 years ago, 0 comments)
#49 Audit CVE subscription (mdecrevoisier, closed 2 years ago, 0 comments)
#48 Protected groups subscriptions (mdecrevoisier, closed 2 years ago, 0 comments)
#47 Radius-NPS subscription (mdecrevoisier, closed 2 years ago, 0 comments)
#46 DHCP server subscription (mdecrevoisier, closed 2 years ago, 0 comments)
#45 Crypto API subscription (mdecrevoisier, closed 2 years ago, 0 comments)
#44 ADFS subscription (mdecrevoisier, closed 2 years ago, 0 comments)
#43 Add OCSP settings (mdecrevoisier, closed 2 years ago, 0 comments)
#42 Added query 4 and 5 (mdecrevoisier, closed 2 years ago, 0 comments)
#41 Add ID 6041 - CVE-2018-0886 (mdecrevoisier, closed 2 years ago, 0 comments)
#40 Update Windows-Defender.xml (mdecrevoisier, closed 2 years ago, 0 comments)
#39 Push for performance improvement (mdecrevoisier, opened 5 years ago, 1 comment)
#38 Collector Server (coleJ98, opened 5 years ago, 3 comments)
#37 WEC won't forward events to self if WinRM GPO doesn't include IPv6 filter (ghost, opened 5 years ago, 3 comments)
#36 EventID 4648 not included (patrickg2525, closed 5 years ago, 0 comments)
#35 wecsvc stops working after a while (bluedefxx, opened 5 years ago, 26 comments)
#34 Uploading subscription buffer increases (novaksam, opened 5 years ago, 1 comment)
#33 Fixing exploit guard ep subscriptions. (cryps1s, closed 5 years ago, 0 comments)
#32 Updating SubscriptionIds to be unique per subscription (clong, closed 5 years ago, 0 comments)
#31 Fr/exploit guard asr (cryps1s, closed 5 years ago, 0 comments)
#30 Add local group enumeration logic (andyrobbins, closed 5 years ago, 1 comment)
#29 Are all servers/ workstations supposed to subscribe to all subscriptions? (patrickg2525, closed 5 years ago, 3 comments)
#28 Authentication suppression rule may be a little aggressive for some (uplateandonline, opened 6 years ago, 1 comment)
#27 Removing guidance to enable auditing of privilege use (clong, closed 6 years ago, 0 comments)
#26 wecutil ss error x057 (adrwh, opened 6 years ago, 4 comments)
#25 Server 2016 collector woe (mineral4x, opened 6 years ago, 1 comment)
#24 character encoding problems with some files (patrickg2525, closed 6 years ago, 2 comments)
#23 Added enumeration of other persistence mechanisms to AutorunsToWinEventLog.ps1 (vector-sec, closed 5 years ago, 3 comments)
#22 DUMMY_EVENT & DUMMY_TEMPLATE in custom channels (postbluecz, closed 6 years ago, 2 comments)
#21 Recommended WEC Server Hardware Specifications (josephbleroy, closed 6 years ago, 4 comments)
#20 Fr/wef subscription table (cryps1s, closed 6 years ago, 0 comments)
#19 Update Software-Restriction-Policies.xml (craigsmooth, closed 6 years ago, 1 comment)
#18 Update Software-Restriction-Policies.xml (craigsmooth, closed 6 years ago, 1 comment)
#17 Major overhaul. (cryps1s, closed 6 years ago, 0 comments)
#16 Addressing text wrap issue in AutorunsToWinEventLog (clong, closed 6 years ago, 0 comments)
#15 Wrapping of Image_Path and Hashes (spaz1729, closed 6 years ago, 5 comments)
#14 Removed test channel (ghost, closed 6 years ago, 2 comments)
#13 Adding ADFS, Duo, DG, EG, Office, WMI (clong, closed 6 years ago, 0 comments)
#12 Adding CustomEventChannels.dll (includes sysmon & SRP) (clong, closed 7 years ago, 0 comments)
#11 Don't hide Microsoft signed entries in AutorunsToWinEventLog (clong, closed 6 years ago, 1 comment)