Home Directory Plugins Security Check Windows for Indicators of Compromise - Via Event Logs

Search Exchange



Advanced Search

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Check Windows for Indicators of Compromise - Via Event Logs

Submit reviewRecommendPrintContact OwnerVisit
Rating
1 vote
Favoured:
0
Current Version
1.4
Last Release Date
2016-11-06
Compatible With
  • Nagios 4.x
  • Nagios XI
Owner
sicoirdh
Twitter Handle
@oneoffdallas
Website
www.linuxincluded.com/uncovering-indicators-of-compromise/
Download URL
github.com/oneoffdallas/check_ioc
License
GPL
Hits
9871
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule via a Nagios NCPA agent, however, it may also be run from a command-line (for incident response) as well. The script is heavily commented and very readable with numerous usage examples in the script itself. There is an accompanying SANS gold paper in the SANS Reading Room (https://www.sans.org/reading-room/) to learn more about the script and the methodology behind it. There is also an updated version of the gold paper found at the Linux Included (https://www.linuxincluded.com) website. If you have any issues or you would like to see other event IDs added, please let me know and I will make changes as necessary. Enjoy!
Reviews (0)

Be the first to review this listing!