I've updated DeepBlue-CLI to be compatible with running its detections over a Windows Event Collection (WEC) server's "Forwarded Event Log". Also added the "MachineName" field to all outputs to differentiate machine names.
A few minor logic changes were made to accomplish this; more testing may be needed, but this worked in my production environment.
[Screenshots: warning banner; Local versus Forwarded Host Local Log; ForwardedLog Host]
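As an added illustration of the point the PR makes (not code from DeepBlue-CLI or from this PR), the snippet below reads either the local Security log or a collector's Forwarded Events log and keeps `MachineName` on every record, so a finding is attributed to the host that generated the event rather than to the WEC server. The event IDs, the `-Forwarded` switch and the `ForwardedEvents` log name are assumptions for this example.

```powershell
# Added example, not part of the DeepBlue-CLI PR. Assumed: event IDs 4625/4688,
# a -Forwarded switch, and the default collector log name 'ForwardedEvents'.
param(
    [switch]$Forwarded,
    [int[]]$EventId = @(4625, 4688),   # failed logon, process creation (assumed)
    [int]$MaxEvents = 5000
)

# On a WEC server, forwarded records land in 'ForwardedEvents'; on an endpoint
# the same events live in 'Security'.
$logName = if ($Forwarded) { 'ForwardedEvents' } else { 'Security' }

$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $EventId } `
                       -MaxEvents $MaxEvents -ErrorAction Stop

# Normalise each record. MachineName is the originating host in both logs, which
# is what distinguishes forwarders from one another on a collector. Message can be
# empty on a collector that lacks the source host's provider manifest, so fall
# back to the raw XML rather than dropping the record.
$records = foreach ($e in $events) {
    $summary = if ($e.Message) {
        ($e.Message -split "`r?`n")[0]
    } else {
        '(no message template on this host; see ToXml())'
    }
    [pscustomobject]@{
        MachineName = $e.MachineName
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Summary     = $summary
    }
}

# Per-host counts show at a glance when one forwarding host dominates a detection.
$records | Group-Object MachineName | Sort-Object Count -Descending |
    Select-Object @{ n = 'MachineName'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Chronological view with the originating host on every line.
$records | Sort-Object TimeCreated | Format-Table -AutoSize
```

Run it with `-Forwarded` on the collector and without it on an endpoint; the output shape is the same in both cases, which is what lets one set of detections serve both log sources.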